Severity by source
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Lifecycle Timeline
4DescriptionCVE.org
In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka "hypothetical in-band signaling abuse." This occurs because iTerm2 accepts the SSH conductor protocol from terminal output that does not originate from a legitimate conductor session.
AnalysisAI
Remote code execution in iTerm2 through version 3.6.9 allows local attackers to execute arbitrary code by displaying a specially crafted text file when a malicious file with a conductor-protocol-compatible name exists in the working directory. The vulnerability exploits iTerm2's acceptance of SSH conductor protocol sequences (DCS 2000p and OSC 135) from terminal output without validating the source, enabling in-band signaling abuse where filenames themselves become attack vectors. CVSS 6.9 reflects local attack vector and high complexity, but practical exploitation requires user interaction (opening a file) combined with directory-resident malware.
Technical ContextAI
iTerm2 is a macOS terminal emulator that supports advanced terminal protocols including the SSH conductor protocol for authenticated remote session management. The vulnerability stems from improper validation of terminal escape sequences (specifically Device Control String DCS 2000p and Operating System Command OSC 135) that are intended for legitimate conductor protocol sessions. The root cause (CWE-829: Inclusion of Functionality from Untrusted Control Sphere) manifests when iTerm2 processes these protocol sequences from arbitrary terminal output without verifying they originate from an authenticated conductor session. An attacker exploits this by crafting a filename that, when displayed via standard commands like 'cat' on a file with a name matching conductor encoding output (e.g., containing 'ace/c+' substrings), triggers the protocol parser. When the terminal application prints this filename as part of file display or listing, the escape sequences embedded in or induced by the filename are interpreted as legitimate conductor commands, leading to code execution in the iTerm2 process context.
RemediationAI
Update iTerm2 to the patched version released after 3.6.9; refer to https://iterm2.com/downloads.html for the latest release. The upstream fix is documented in commit a9e745993c2e2cbb30b884a16617cd5495899f86 (https://github.com/gnachman/iTerm2/commit/a9e745993c2e2cbb30b884a16617cd5495899f86), which addresses validation of conductor protocol sequences to reject those not originating from legitimate authenticated sessions. Until patching is possible, defensive measures include: avoid displaying or listing files in directories with untrusted or downloaded content, use 'file' or other tools that do not echo filenames verbatim instead of 'cat' on unknown files, and disable or restrict access to terminal paste functionality if available. Users should be cautious when cloning repositories or extracting archives from untrusted sources into home directories where they may later be enumerated.
An issue was discovered in iTerm2 3.5.x before 3.5.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences relate
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences relate
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execut
iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. Rated high severity (CVSS
iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.i
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution mi
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. Rated critical severity (CV
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. Rated critical severity
iTerm2 before 3.4.18 mishandles a DECRQSS response. Rated critical severity (CVSS 9.8), this vulnerability is remotely e
iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from termina
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23656