Skip to main content

Tabby CVE-2026-45036

| EUVDEUVD-2026-30567 HIGH
OS Command Injection (CWE-78)
2026-05-15 GitHub_M
7.0
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.0 HIGH
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Patch available
May 15, 2026 - 18:02 EUVD
Analysis Generated
May 15, 2026 - 17:31 vuln.today

DescriptionGitHub Advisory

Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. The ZModemMiddleware in tabby-terminal consumes all session output through a Zmodem.Sentry, and when a ZMODEM ZRQINIT header is detected, unconditionally calls detection.confirm() and writes a fixed ZRINIT response ( \x18B0100000023be50\r\n\x11) back into the active PTY as input. When the process that triggered the detection (e.g., cat) exits, the injected bytes are consumed by the user's shell as a command line. Under fish (default configuration), the prefix triggers recursive glob expansion against the current directory, allowing an attacker-placed executable at a matching nested path (e.g., d/xB0100000023be50) to be executed by relative pathname without relying on PATH. Under bash and zsh, a secondary xterm.js terminal color-query feedback (OSC 10) can be combined in the same file to inject a slash-containing command word that similarly bypasses PATH resolution. An attacker can exploit this by providing a crafted file (e.g., in a cloned Git repository) that a user displays with cat, achieving code execution with no interaction beyond viewing the file. This vulnerability is fixed in 1.0.233.

AnalysisAI

Local code execution in Tabby terminal emulator versions before 1.0.233 occurs when users view attacker-controlled files containing ZMODEM protocol headers. The vulnerability exploits automatic ZMODEM detection that injects commands into the user's shell when displaying malicious content with common commands like 'cat'. Real-world risk is moderate (EPSS data not provided) as it requires local access and user interaction, but enables code execution without explicit user consent beyond viewing a file.

Technical ContextAI

Tabby's ZModemMiddleware automatically processes terminal output through Zmodem.Sentry to detect ZMODEM file transfer protocol headers. When detecting a ZRQINIT header, it unconditionally confirms the detection and writes a ZRINIT response (\x18B0100000023be50\r\n\x11) back to the PTY. This CWE-78 OS command injection occurs because the injected bytes are interpreted as shell commands after the triggering process exits. The attack leverages shell-specific behaviors: fish shell's glob expansion and bash/zsh interaction with xterm.js OSC 10 color queries.

RemediationAI

Vendor-released patch: upgrade to Tabby version 1.0.233 or later which fixes the automatic ZMODEM confirmation behavior. The fix is available through the project's GitHub releases. As an immediate workaround, users should avoid using 'cat' or similar commands to display untrusted files, particularly in cloned repositories. Consider using 'less' or text editors that don't trigger ZMODEM detection. No other specific mitigations are available as the vulnerability is in core terminal processing functionality.

Share

CVE-2026-45036 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy