CVE-2026-32810 - Vulnerability Analysis
MediumCVSS: 5.5Last Updated: March 23, 2026
Halloy - Information Disclosure
Published: March 20, 2026Updated: March 23, 2026PoC Available
Overview
Halloy IRC application on *nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb contains an information disclosure vulnerability caused by default umask permissions on config files, letting local attackers read plaintext credentials, exploit requires local system access.
Severity & Score
Severity: Medium
CVSS Score: 5.5
Impact
Local attackers can read plaintext credentials from config files, leading to credential compromise and potential further system access.
Mitigation
Update to the version including commit f180e41061db393acf65bc99f5c5e7397586d9cb or later.
References
Related Resources
Details
- CVE ID
- CVE-2026-32810
- Severity
- Medium
- CVSS Score
- 5.5
- Type
- information_disclosure
- Status
- modified
CWE
- CWE-732
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N