Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/12 7:59 p.m.28 views

CVE-2026-42850 Kitty has a shell command injection

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

7.4CVSS0.00287EPSS
Exploits1References1
CVE
CVE
added 2026/06/12 7:59 p.m.14 views

CVE-2026-42850

CVE-2026-42850 affects the Kitty terminal (GPU-based, cross-platform). In versions prior to 0.47.0, an injection is possible through a crafted kitty error that is echoed back to the terminal with CRLF and executed by the user’s shell. The attack requires the victim to connect to the attacker (e.g...

8.8CVSS5.5AI score0.00287EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2026/06/12 7:59 p.m.8 views

CVE-2026-42850

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

8.8CVSS5.5AI score0.00287EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-48967

Name of the Vulnerable Software and Affected Versions Kitty versions prior to 0.47.0 Description Command injection is possible within the subshell through the terminal error mechanism. A specific escape code triggers an error that is not properly escaped and is echoed back to the terminal with...

7.4CVSS5.5AI score0.00287EPSS
Exploits1References3
Rows per page
Query Builder