Vulnerability in Squidowl Halloy

CVE-2026-32810

Halloy is an IRC application written in Rust. In versions on \*nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results i…

EPSS: 0.000 (0.3th percentile) — read the EPSS interpretation.

Affected products

Squidowl Halloy — versions <= 2026.4

Weakness classification (CWE)

CWE-732 — Incorrect Permission Assignment for Critical Resource

References

https://github.com/squidowl/halloy/security/advisories/GHSA-x5j2-fr4h-9p7g (x_refsource_CONFIRM)
https://github.com/squidowl/halloy/commit/f180e41061db393acf65bc99f5c5e7397586d9cb (x_refsource_MISC)