
Kitty terminal CVE-2026-42851

EUVD-2026-36555 · HIGH
Code Injection (CWE-94)
2026-06-12 · security-advisories@github.com
7.8 (CVSS 3.1) · Vendor: github

Severity by source

Vendor (github), primary: 7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

vuln.today AI: 7.8 HIGH

Bytes must reach a local kitty TTY (AV:L) and the user must render them (UI:R); no auth or privileges needed (PR:N), and arbitrary Python as the user yields full C/I/A impact.

CVSS 3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 4.0: AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (github).

CVSS Vector (Vendor: github)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch available: Jun 12, 2026 - 21:01 (EUVD)
Analysis generated: Jun 12, 2026 - 20:30 (vuln.today)

Description (CVE.org)

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal - a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. - can cause kitty to execute attacker-supplied Python inside the running kitty process, with the user's full privileges. There is no approval prompt, no remote-control permission requirement, no shell-integration interaction, no clipboard touch, and no editor interaction. Version 0.47.0 fixes the issue.

Analysis (AI)

Remote code execution in Kitty terminal emulator versions prior to 0.47.0 allows any process or remote peer that can write bytes to the terminal - including SSH sessions, file viewers like cat or less, log tailers, and TUI applications - to execute attacker-supplied Python code inside the running kitty process with full user privileges. Exploitation requires no approval prompt, no shell integration, no clipboard interaction, and no editor involvement, making any rendered untrusted content a viable injection vector. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Stage malicious bytes in file, log, or SSH output
Delivery: Victim renders content in kitty < 0.47.0 (cat/less/SSH/TUI)
Exploit: Kitty parses crafted terminal sequence
Execution: Embedded Python evaluated in kitty process
Persist: Code runs with user privileges
Impact: Exfiltrate keys, pivot to other hosts

Vulnerability Assessment (AI)

Exploitation: Victim must be running Kitty terminal emulator at a version below 0.47.0 and must cause attacker-controlled bytes to be written to a kitty window - this includes any of: an SSH session to a compromised remote host, `cat`/`less`/`tail` of an attacker-influenced file or log, an email or chat message body rendered in a TUI, or an issue/PR body viewed in a terminal client. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H scores 7.8 (High) and reflects a local attack vector with required user interaction, but the practical risk is meaningfully higher than that vector suggests because 'user interaction' here is as trivial as viewing a file, reading an email, or letting an SSH session print output - actions users perform constantly without expecting code execution. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker hosts a file (release note, log, README, email body) containing crafted terminal escape sequences and waits for a victim using kitty < 0.47.0 to render it - for example by running `cat payload.txt`, `less message.eml`, viewing a GitHub issue in a TUI, or tailing a log shipped from an attacker-controlled service. The moment the bytes reach the kitty window, kitty interprets them and executes the embedded Python with the user's privileges, giving the attacker a shell-equivalent foothold on the developer workstation with no prompt or warning. …

Remediation: Vendor-released patch: upgrade kitty to version 0.47.0 or later, which fully fixes the issue per the vendor advisory at https://github.com/kovidgoyal/kitty/security/advisories/GHSA-w98g-hpvr-r332. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended Action (AI)

Within 24 hours: Identify all systems running Kitty and confirm affected versions (0.46.x and earlier). …
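One way to carry out that first step on a fleet, as an added triage helper that is not part of this page or of the kitty project: it parses the output of `kitty --version` and flags anything below the fixed release 0.47.0. It assumes that command prints a line of the form `kitty X.Y.Z ...`; the sample strings in the test are constructed.

```python
"""Triage helper for CVE-2026-42851: is the installed kitty below 0.47.0?
Added example, not vendor code. Assumes `kitty --version` prints a line
such as `kitty 0.46.1 created by Kovid Goyal` (format is an assumption)."""
import re
import shutil
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = (0, 47, 0)  # first fixed release named in the advisory
_VERSION_RE = re.compile(r"\bkitty\s+(\d+)\.(\d+)(?:\.(\d+))?")


def parse_kitty_version(output: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from version output; None if absent."""
    m = _VERSION_RE.search(output)
    if not m:
        return None
    patch = m.group(3) or "0"  # tolerate a two-component "kitty 0.46"
    return (int(m.group(1)), int(m.group(2)), int(patch))


def is_affected(version: Tuple[int, int, int]) -> bool:
    """Compare as integer tuples; a string compare would rank '0.9' above '0.47'."""
    return version < FIXED_VERSION


def assess(output: str) -> str:
    """Human-readable verdict for one host's `kitty --version` output."""
    v = parse_kitty_version(output)
    if v is None:
        return "unknown: could not parse kitty version"
    label = "AFFECTED (upgrade to 0.47.0 or later)" if is_affected(v) else "fixed"
    return f"kitty {v[0]}.{v[1]}.{v[2]}: {label}"


def installed_kitty_output() -> Optional[str]:
    """Run the local kitty binary if it is on PATH; None when absent."""
    exe = shutil.which("kitty")
    if not exe:
        return None
    proc = subprocess.run([exe, "--version"], capture_output=True, text=True, check=False)
    return proc.stdout


if __name__ == "__main__":
    out = installed_kitty_output()
    print(assess(out) if out is not None else "kitty not found on PATH")
```

Run it under a configuration-management tool on each workstation and collect the one-line verdicts; hosts reporting "AFFECTED" are the upgrade list.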
