CVE-2026-44972 GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

CVE-2026-44972 GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

GitHub CLI: GitHub Actions log output in `gh run view` allows terminal escape sequence injection

Summary A security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. Details The vulnerability stems from the way GitHub CLI handles raw Actions log...

GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content

Summary GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject ANSI or OSC escape sequences into analyst terminals or CI logs...

CVE-2026-35651

OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to...

CVE-2026-35651 OpenClaw 2026.2.13 < 2026.3.25 - ANSI Escape Sequence Injection in Approval Prompt

OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Version 2026.2.13 to 2026.3.24 of OpenClaw contained security vulnerabilities. These vulnerabilities were caused by ANSI escape sequence injections in the approval prompts, which could allow attackers to forge...

CVE-2026-3108

Mattermost: CVE-2026-3108 affects versions 11.2.x up to 11.2.2, 10.11.x up to 10.11.10, 11.4.x up to 11.4.0, and 11.3.x up to 11.3.1. The vulnerability arises from failure to sanitize user-controlled post content in mmctl commands terminal output, allowing crafted messages with ANSI/OSC escape se...

CVE-2026-3108 Terminal Escape Injection in mmctl Report Posts Command

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...

CVE-2026-3108 Terminal Escape Injection in mmctl Report Posts Command

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...

Exploit for Improper Encoding or Escaping of Output in Git

CVE-2024-52005: ANSI Escape Sequence Injection in Git Over...

openSUSE 15 Security Update : python-maturin (SUSE-SU-2025:03082-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:03082-1 advisory. - CVE-2025-58160: terminal escape injection via ANSI sequences from untrusted input bsc1249011. Tenable has extracted the preceding description block direct...

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization of user-supplied input in several fields, including repository descriptions, project names, git commit author names, commit messages, access token names, and webhook URLs. An attacker can inject malicious ANSI...

EUVD-2020-0232

Malware in sbrugna...

Amazon Linux 2023 : glycin-loaders (ALAS2023-2025-1193)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1193 advisory. tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence...

AZL-73211 CVE-2025-58160 affecting package kata-containers 3.19.1.kata2-6

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

UBUNTU-CVE-2025-58160

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

CVE-2025-55193

A flaw was found in activerecord. The find and similar methods may log unescaped identifiers passed as IDs, including ANSI escape codes. An attacker with the ability to directly observe the application's terminal output can view these unescaped sequences. This allows for the injection of ANSI...

Vulnerability fixed in Splunk SOAR

Splunk has fixed a vulnerability in Splunk SOAR. The vulnerability allows an unauthenticated malicious person to inject inject ANSI escape code into a log file. To do so, the malicious party must send a specially prepared HTTP request to the Spunk SOAR instance. When this log file is read in a...

AWS CloudShell Terminal Escape Injection / Remote Code Execution Vulnerabilities

The javascript terminal emulator used by AWS CloudShell handles certain terminal escape codes incorrectly. This can lead to remote code execution if attacker controlled data is displayed in a CloudShell instance. Terminal escape injection in AWS CloudShell The javascript terminal emulator used by...