Lucene search
K

598 matches found

Cvelist
Cvelist
added 2026/06/12 8:3 p.m.30 views

CVE-2026-54055 Kitty has an Arbitrary File Write via Symlink Race Condition in File Transmission Protocol

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

5CVSS0.00072EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:3 p.m.21 views

CVE-2026-54055

Kitty (cross‑platform GPU terminal) contains a local privilege escalation vulnerability in its file transmission protocol prior to 0.47.2. A TOCTOU race between symlink validation and file creation allows a child process in the terminal to cause an attack to write to arbitrary files because os.op...

5CVSS5.5AI score0.00072EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/12 8:3 p.m.6 views

CVE-2026-54055

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

5CVSS5.6AI score0.00072EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/12 8:3 p.m.7 views

CVE-2026-54055

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

5CVSS5.5AI score0.00072EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/12 8:0 p.m.6 views

CVE-2026-42851

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

7.8CVSS5.7AI score0.00164EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:0 p.m.8 views

CVE-2026-42851 @kitty-edit DCS + --color=geninclude vulnerable to Unauthenticated in-process RCE

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

7.8CVSS5.5AI score0.00164EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/12 8:0 p.m.11 views

EUVD-2026-36555

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

7.8CVSS5.6AI score0.00164EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/12 8:0 p.m.30 views

CVE-2026-42851 @kitty-edit DCS + --color=geninclude vulnerable to Unauthenticated in-process RCE

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

7.8CVSS0.00164EPSS
Exploits1References1
CVE
CVE
added 2026/06/12 8:0 p.m.20 views

CVE-2026-42851

CVE-2026-42851 (Kitty terminal) : In versions prior to 0.47.0, a program that writes bytes to a Kitty terminal can trigger execution of attacker-supplied Python inside the Kitty process with the user’s privileges. This is a local issue with high impact to confidentiality, integrity, and availabil...

7.8CVSS5.6AI score0.00164EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2026/06/12 8:0 p.m.9 views

CVE-2026-42851

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

7.8CVSS5.6AI score0.00164EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/06/12 7:59 p.m.6 views

CVE-2026-42850

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

7.4CVSS5.6AI score0.00287EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/12 7:59 p.m.9 views

EUVD-2026-36553

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

7.4CVSS5.5AI score0.00287EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/12 7:59 p.m.30 views

CVE-2026-42850 Kitty has a shell command injection

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

7.4CVSS0.00287EPSS
Exploits1References1
CVE
CVE
added 2026/06/12 7:59 p.m.16 views

CVE-2026-42850

CVE-2026-42850 affects the Kitty terminal (GPU-based, cross-platform). In versions prior to 0.47.0, an injection is possible through a crafted kitty error that is echoed back to the terminal with CRLF and executed by the user’s shell. The attack requires the victim to connect to the attacker (e.g...

8.8CVSS5.5AI score0.00287EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 7:59 p.m.12 views

CVE-2026-42850 Kitty has a shell command injection

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

7.4CVSS5.5AI score0.00287EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/06/12 7:59 p.m.8 views

CVE-2026-42850

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

8.8CVSS5.5AI score0.00287EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48967

Name of the Vulnerable Software and Affected Versions Kitty versions prior to 0.47.0 Description Command injection is possible within the subshell through the terminal error mechanism. A specific escape code triggers an error that is not properly escaped and is echoed back to the terminal with...

7.4CVSS5.5AI score0.00287EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-48968

Name of the Vulnerable Software and Affected Versions Kitty versions prior to 0.47.0 Description A flaw allows a program capable of writing bytes to the terminal—such as a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, or an issue body in a TUI—to...

7.8CVSS5.8AI score0.00164EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-48993

Name of the Vulnerable Software and Affected Versions kitty versions prior to 0.47.3 Description In the kitty GPU-based terminal, the OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell input without proper sanitization. Recommendations Update t...

7.3CVSS5.2AI score0.00166EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-48969

Name of the Vulnerable Software and Affected Versions Kitty versions prior to 0.47.2 Description A local privilege escalation exists in the file transmission protocol. A child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

5CVSS5.4AI score0.00072EPSS
Exploits0References4
Rows per page
Query Builder