Severity by source
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionGitHub Advisory
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. The ZModemMiddleware in tabby-terminal consumes all session output through a Zmodem.Sentry, and when a ZMODEM ZRQINIT header is detected, unconditionally calls detection.confirm() and writes a fixed ZRINIT response ( \x18B0100000023be50\r\n\x11) back into the active PTY as input. When the process that triggered the detection (e.g., cat) exits, the injected bytes are consumed by the user's shell as a command line. Under fish (default configuration), the prefix triggers recursive glob expansion against the current directory, allowing an attacker-placed executable at a matching nested path (e.g., d/xB0100000023be50) to be executed by relative pathname without relying on PATH. Under bash and zsh, a secondary xterm.js terminal color-query feedback (OSC 10) can be combined in the same file to inject a slash-containing command word that similarly bypasses PATH resolution. An attacker can exploit this by providing a crafted file (e.g., in a cloned Git repository) that a user displays with cat, achieving code execution with no interaction beyond viewing the file. This vulnerability is fixed in 1.0.233.
AnalysisAI
Local code execution in Tabby terminal emulator versions before 1.0.233 occurs when users view attacker-controlled files containing ZMODEM protocol headers. The vulnerability exploits automatic ZMODEM detection that injects commands into the user's shell when displaying malicious content with common commands like 'cat'. Real-world risk is moderate (EPSS data not provided) as it requires local access and user interaction, but enables code execution without explicit user consent beyond viewing a file.
Technical ContextAI
Tabby's ZModemMiddleware automatically processes terminal output through Zmodem.Sentry to detect ZMODEM file transfer protocol headers. When detecting a ZRQINIT header, it unconditionally confirms the detection and writes a ZRINIT response (\x18B0100000023be50\r\n\x11) back to the PTY. This CWE-78 OS command injection occurs because the injected bytes are interpreted as shell commands after the triggering process exits. The attack leverages shell-specific behaviors: fish shell's glob expansion and bash/zsh interaction with xterm.js OSC 10 color queries.
RemediationAI
Vendor-released patch: upgrade to Tabby version 1.0.233 or later which fixes the automatic ZMODEM confirmation behavior. The fix is available through the project's GitHub releases. As an immediate workaround, users should avoid using 'cat' or similar commands to display untrusted files, particularly in cloned repositories. Consider using 'less' or text editors that don't trigger ZMODEM detection. No other specific mitigations are available as the vulnerability is in core terminal processing functionality.
Remote code execution in Tabby terminal emulator versions prior to 1.0.233 allows unauthenticated attackers to execute a
Local code execution in Tabby terminal emulator versions before 1.0.233 occurs when dragging and dropping files containi
Command injection in Tabby (formerly Terminus) terminal emulator before 1.0.234 lets an attacker achieve code execution
Tabby terminal emulator before version 1.0.232 automatically renders malicious URIs from SSH/Telnet servers as clickable
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30567