Description

Halloy is an IRC application written in Rust. In versions on \*nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in `0644` on files and `0755` on directories. This allows any local user on the system to read plaintext credentials stored in `config.toml` or referenced `password_file` paths. Commit f180e41061db393acf65bc99f5c5e7397586d9cb patches the issue.

INFO

Published Date :

2026-03-20T22:40:49.237Z

Last Modified :

2026-03-23T21:41:38.612Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-32810 vulnerability.

Vendors Products
Halloy
  • Halloy
Squidowl
  • Halloy
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-32810.

URL Resource
https://github.com/squidowl/halloy/commit/f180e41061db393acf65bc99f5c5e7397586d9cb cve-icon cve-icon
https://github.com/squidowl/halloy/security/advisories/GHSA-x5j2-fr4h-9p7g cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact