Zero Day MonitorZDM

← Back to list

5.5

CVE-2026-6843EXPLOITED

red hat · red hat enterprise linux

Nano: nano: format string vulnerability leads to denial of service

Description

A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service (DoS) for the `nano` application.

Affected Products

Vendor	Product	Versions
red hat	red hat enterprise linux	—

References

https://access.redhat.com/security/cve/CVE-2026-6843(vdb-entry, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=2460017(issue-tracking, x_refsource_REDHAT)

Related News (1 articles)

Tier C

VulDB6d ago

CVE-2026-6843 | nano statusline format string

→ No new info (linked only)

CVSS 3.15.5 NONE

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-134

PublishedApr 22, 2026

Last enriched6d agov2

Trending Score15

Source articles1

Independent1

Info Completeness7/14

Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

Multiple Vulnerabilities in Red Hat Products Allow Remote Code Execution, File Manipulation, and Denial of Service

NONECVE-2025-14831

Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification

MEDIUMCVE-2025-66286

Webkitgtk: authorization bypass through webpage::send-request signal handler

NONECVE-2026-7309

Openshift-controller-manager: openshift container platform: information disclosure via environment variable injection

NONECVE-2026-6855EXP

Instructlab: instructlab: path traversal allows arbitrary directory creation and file write

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 22, 2026

Discovered by ZDM

Apr 22, 2026

Updated: severity, activelyExploited

Apr 22, 2026

Actively Exploited

Apr 22, 2026

Version History

v2

Last enriched 6d ago

v2Tier C6d ago

Updated severity to CRITICAL and marked the vulnerability as actively exploited.

severityactivelyExploited

via VulDB

v16d ago

Initial creation