CVE-2026-45038 Tabby: Dragging and Dropping a File into Tabby Can Lead to Code Execution

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code execution can be achieved. This vulnerability is fixed in 1.0.233...

CVE-2026-45037

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted termina...

CVE-2025-22136

Tabby (formerly Terminus) is affected by CVE-2025-22136. Prior to version 1.0.217, Tabby enables several high‑risk Electron fuses (RunAsNode, EnableNodeCliInspectArguments, EnableNodeOptionsEnvironmentVariable) that can create code injection vectors despite a hardened runtime and lack of dangerou...

Tabby 代码注入漏洞

Tabby Terminus is a highly configurable terminal emulator, SSH, and serial client for Windows 10, macOS, and Linux from the individual developers at Eugene. A code injection vulnerability exists in Tabby versions prior to 1.0.217, which stems from its enabling of multiple high-risk Electron Fuses...

CVE-2024-55950 Tabby has a TCC Bypass via Unnecessary Permissive Entitlements in Tabby

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.216, Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential security vulnerabilities. The application currently holds...