cve 2026-6843

CVE-2026-6843 is a medium-severity vulnerability in GNU nano, a terminal text editor, disclosed in April 2026. The flaw involves a format string bug that allows a local attacker to crash the editor by tricking it into displaying a directory name containing printf-style format specifiers. While not a remote code execution threat, the vulnerability is significant for Windows environments because GNU nano is commonly used in WSL, containers, build agents, and cloud distributions. Microsoft's Security Response Center is tracking this issue, and patching is recommended to prevent denial-of-service disruptions in automated workflows. The bug highlights how legacy C programming errors can still impact modern infrastructure.