CVE-2026-32810 Unknown

CVE-2026-32810

SUSE Released: April 16, 2026 Updated: April 16, 2026 Restart Required

Description

CVE-2026-32810 Halloy is an IRC application written in Rust. In versions on \*nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in `0644` on files and `0755` on directories. This allows any local user on the system to read plaintext credentials stored in `config.toml` or referenced `password_file` paths. Commit f180e41061db393acf65bc99f5c5e7397586d9cb patches the issue. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

Fixed Vulnerabilities 1

CVE-2026-32810 N/A 0.0 ⚠️ KEV fixed

Mar 20, 2026

Halloy is an IRC application written in Rust. In versions on \*nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files…

Quick Info

Patch ID: CVE-2026-32810

Vendor: SUSE

Severity: Unknown

CVEs Fixed: 1

Restart: Required

Vendor

SUSE

Additional Info

advisory id: CVE-2026-32810

advisory type: Security Update

cvrf filename: cvrf-CVE-2026-32810.xml

CVE Vulnerabilities

Posts & Pages