CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 2026/06/16 2:21 a.m.•6 views

SUSE CVE-2026-42851

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal - a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. - can cause kitty to execute...

7.8CVSS5.6AI score0.00164EPSS

SUSE CVE•added 2026/06/15 1:20 a.m.•11 views

SUSE CVE-2026-54057

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue...

7.8CVSS5.2AI score0.00166EPSS

OPENSUSE Linux•added 2026/06/15 12:0 a.m.•5 views

kitty-0.47.3-1.1 on GA media (moderate)

kitty-0.47.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:11021-1 Rating: moderate Cross-References: CVE-2026-54057 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the kitty-0.47.3-1.1...

7.8CVSS5.3AI score0.00166EPSS

Exploits1

RedhatCVE•added 2026/06/13 2:34 a.m.•11 views

CVE-2026-54055

A flaw was found in Kitty, a cross-platform GPU-based terminal. A local attacker, specifically a child process running within the terminal, can exploit a Time-of-Check-Time-of-Use TOCTOU race condition in the file transmission protocol. This allows the attacker to create a symbolic link between a...

5CVSS5AI score0.00072EPSS

Exploits0References2

RedhatCVE•added 2026/06/13 2:34 a.m.•11 views

CVE-2026-54057

A flaw was found in Kitty, a cross-platform GPU-based terminal. An input sanitization vulnerability in Kitty's OSC 21 color-control query reply allows an attacker to inject controlled bytes, including newlines, directly into the shell's input. This could enable an attacker to execute arbitrary co...

7.8CVSS5.5AI score0.00166EPSS

RedhatCVE•added 2026/06/13 2:34 a.m.•14 views

CVE-2026-54056

A flaw was found in Kitty, a cross-platform GPU based terminal. A remote attacker can exploit a vulnerability in the kitten dnd feature by sending a specially crafted drag-and-drop request. This allows the attacker to overwrite or truncate arbitrary files on the local system that are writable by...

7.6CVSS5AI score0.00268EPSS

RedhatCVE•added 2026/06/13 2:34 a.m.•11 views

CVE-2026-42851

A flaw was found in Kitty, a cross-platform GPU-based terminal. A local attacker, or a remote attacker who can control output displayed in the terminal, could exploit this vulnerability. By sending specially crafted input to the terminal, the attacker can cause Kitty to execute arbitrary Python...

7.8CVSS5.8AI score0.00164EPSS

RedhatCVE•added 2026/06/13 2:34 a.m.•12 views

CVE-2026-42850

A flaw was found in Kitty, a cross-platform GPU based terminal. A remote attacker could exploit this vulnerability by sending a specially crafted escape code to a victim who is connected to the attacker via a program like netcat. This escape code triggers an unescaped error that is then executed ...

8.8CVSS5.6AI score0.00287EPSS

Tenable Nessus•added 2026/06/13 12:0 a.m.•10 views

Linux Distros Unpatched Vulnerability : CVE-2026-54055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protoc...

5CVSS6AI score0.00072EPSS

Exploits0References3

Tenable Nessus•added 2026/06/13 12:0 a.m.•11 views

Linux Distros Unpatched Vulnerability : CVE-2026-42851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal a remote SSH peer, a downloaded fil...

7.8CVSS5.8AI score0.00164EPSS

Tenable Nessus•added 2026/06/13 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-42850

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special...

8.8CVSS6AI score0.00287EPSS

OSV•added 2026/06/13 12:0 a.m.•3 views

OPENSUSE-SU-2026:11021-1 kitty-0.47.3-1.1 on GA media

These are all security issues fixed in the kitty-0.47.3-1.1 package on the GA media of openSUSE Tumbleweed...

7.8CVSS5.3AI score0.00166EPSS

Tenable Nessus•added 2026/06/13 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, includin...

7.8CVSS5.9AI score0.00166EPSS

NVD•added 2026/06/12 9:16 p.m.•7 views

CVE-2026-54057

7.8CVSS0.00166EPSS

NVD•added 2026/06/12 9:16 p.m.•10 views

CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS0.00268EPSS

OSV•added 2026/06/12 9:16 p.m.•6 views

DEBIAN-CVE-2026-54057

7.8CVSS5.3AI score0.00166EPSS

OSV•added 2026/06/12 9:16 p.m.•9 views

DEBIAN-CVE-2026-54056

7.1CVSS5.7AI score0.00268EPSS