33 matches found

RedhatCVE
added 2 days ago | 7 views

CVE-2026-54055

A flaw was found in Kitty, a cross-platform GPU-based terminal. A local attacker, specifically a child process running within the terminal, can exploit a Time-of-Check-Time-of-Use (TOCTOU) race condition in the file transmission protocol. This allows the attacker to create a symbolic link between a...

CVSS 5 | AI score 5 | EPSS 0.00012
Exploits 0 | References 2
RedhatCVE
added 2 days ago | 7 views

CVE-2026-54057

A flaw was found in Kitty, a cross-platform GPU-based terminal. An input sanitization vulnerability in Kitty's OSC 21 color-control query reply allows an attacker to inject controlled bytes, including newlines, directly into the shell's input. This could enable an attacker to execute arbitrary co...

CVSS 7.3 | AI score 5.5 | EPSS 0.00022
Exploits 0 | References 2
RedhatCVE
added 2 days ago | 8 views

CVE-2026-42850

A flaw was found in Kitty, a cross-platform GPU based terminal. A remote attacker could exploit this vulnerability by sending a specially crafted escape code to a victim who is connected to the attacker via a program like netcat. This escape code triggers an unescaped error that is then executed ...

CVSS 7.4 | AI score 5.6 | EPSS 0.00047
Exploits 0 | References 2
Tenable Nessus
added 2 days ago | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-54055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protoc...

CVSS 5 | AI score 5.7 | EPSS 0.00012
Exploits 0 | References 2
OSV
added 3 days ago | 4 views

DEBIAN-CVE-2026-54057

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue...

CVSS 7.3 | AI score 5.3 | EPSS 0.00022
Exploits 0 | References 1
NVD
added 3 days ago | 3 views

CVE-2026-54057

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue...

CVSS 7.3 | EPSS 0.00022
Exploits 0 | References 1
NVD
added 3 days ago | 5 views

CVE-2026-54055

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

CVSS 5 | EPSS 0.00012
Exploits 0 | References 1
OSV
added 3 days ago | 3 views

DEBIAN-CVE-2026-42850

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

CVSS 7.4 | AI score 5.5 | EPSS 0.00047
Exploits 0 | References 1
NVD
added 3 days ago | 5 views

CVE-2026-42850

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

CVSS 7.4 | EPSS 0.00047
Exploits 0 | References 1
Cvelist
added 3 days ago | 22 views

CVE-2026-54057 Kitty vulnerable to command injection via unsanitized OSC 21 query reply

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue...

CVSS 7.3 | EPSS 0.00022
Exploits 0 | References 1
CVE
added 3 days ago | 5 views

CVE-2026-54057

Kitty (cross-platform GPU-based terminal) is affected in versions prior to 0.47.3. The issue arises in the OSC 21 (color-control) query reply, which may reflect attacker-controlled bytes—including newlines—into the shell input without sanitization. This can enable local command injection or input...

CVSS 7.3 | AI score 5.3 | EPSS 0.00022
Exploits 0 | References 1
EUVD
added 3 days ago | 5 views

EUVD-2026-36579

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue...

CVSS 7.3 | AI score 5.3 | EPSS 0.00022
Exploits 0 | References 1
Debian CVE
added 3 days ago | 4 views

CVE-2026-54057

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue...

CVSS 7.3 | AI score 5.3 | EPSS 0.00022
Exploits 0
Debian CVE
added 3 days ago | 5 views

CVE-2026-54055

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

CVSS 5 | AI score 5.5 | EPSS 0.00012
Exploits 0
Cvelist
added 3 days ago | 24 views

CVE-2026-42851 @kitty-edit DCS + --color=geninclude vulnerable to Unauthenticated in-process RCE

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

CVSS 7.8 | EPSS 0.0002
Exploits 0 | References 1
EUVD
added 3 days ago | 8 views

EUVD-2026-36555

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

CVSS 7.8 | AI score 5.6 | EPSS 0.0002
Exploits 0 | References 1
EUVD
added 3 days ago | 6 views

EUVD-2026-36553

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

CVSS 7.4 | AI score 5.5 | EPSS 0.00047
Exploits 0 | References 1
Tenable Nessus
added 2026/05/22 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-33642

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handlecomposecommand function in kitty/graphics.c performs bounds validation on...

CVSS 9.9 | AI score 5.8 | EPSS 0.00062
Exploits 1 | References 3
Tenable Nessus
added 2026/05/22 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33633

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write ...

CVSS 8.8 | AI score 6 | EPSS 0.00043
Exploits 1 | References 3
NVD
added 2026/05/19 7:16 p.m. | 10 views

CVE-2026-33642

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handlecomposecommand function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...

CVSS 9.9 | EPSS 0.00062
Exploits 1 | References 2