GNU nano creates the user’s ~/.local directory with overly permissive permissions when the directory does not exist yet. On first use of features requiring Cross-Desktop Group (XDG) data storage, nano explicitly requests directory mode 0777, making the directory world‑writable in environments where the process umask does not sufficiently restrict permissions.
In systems with a relaxed or zero umask, such as container environments, CI/CD runners, embedded systems, or user shells configured with umask 000, this results in ~/.local being created as world‑writable. A local attacker can exploit a race window between nano’s creation of ~/.local and its subsequent creation of more restrictive subdirectories to write attacker‑controlled files into the victim’s XDG directory hierarchy.

This problem was fixed in nano version 9.0