Terminal injection in Claude HUD through version 0.0.12 allows an attacker who controls a Git branch name or working directory path to embed arbitrary ANSI escape sequences into terminal sessions via unsanitized OSC 8 hyperlink construction. When a user runs Claude HUD in an affected terminal emulator and clicks a rendered project or branch hyperlink, injected sequences—including OSC 52 clipboard writes and forged prompts—are processed by the terminal. The vulnerability has no public exploit identified at time of analysis and is not listed in CISA KEV, but the clipboard-poisoning vector carries meaningful risk for developers routinely cloning untrusted repositories.
Local code execution in Tabby terminal emulator versions before 1.0.233 occurs when dragging and dropping files containing control characters in their paths. The terminal fails to properly escape control sequences, allowing attackers to execute arbitrary commands through crafted filenames when a user drags a malicious file into the terminal window.
Terminal escape sequence injection in GitHub CLI 1.6.0 through 2.91.x allows authenticated attackers with pull request creation rights to inject malicious terminal control sequences into Actions workflow logs. When victims execute 'gh run view --log' or 'gh run view --log-failed' to inspect workflow runs, unsanitized escape sequences replay in their terminal, enabling window title manipulation, on-screen content alteration, or arbitrary command execution in vulnerable emulators like GNU screen. The attack requires low complexity and user interaction (victim must view logs), with impact limited to terminal integrity. CVSS score of 3.5 reflects low-severity integrity impact, though real-world risk varies significantly by terminal emulator capabilities. No active exploitation confirmed at time of analysis.
KDE KCoreAddons before version 6.25 contains an improper neutralization of special elements vulnerability in the KShell::quoteArgs() function that fails to safely escape metacharacters and control characters, allowing local attackers with user interaction to inject arbitrary shell commands or terminal control sequences when user input is passed to shell execution contexts. Applications using this method to quote arguments for security-critical operations are affected; exploitation requires local access and user interaction but can achieve arbitrary code execution with user privileges.
CPython's http.cookies.Morsel.js_output() method generates inline script snippets that fail to neutralize the HTML parser-sensitive sequence </script>, allowing attackers with high privilege levels to inject arbitrary JavaScript by crafting malicious cookie values. While the method escapes double quotes for JavaScript string context, it does not prevent premature termination of the script element through </script> injection, resulting in limited information disclosure. The vendor has released patches addressing this inadequate escaping mechanism through base64-encoding of cookie values.
MuPDF mutool fails to sanitize PDF metadata before displaying it in terminal output, allowing local attackers to inject ANSI escape sequences through crafted PDF files. When a user runs mutool info on a malicious PDF, embedded escape codes can clear the terminal and display fabricated text for social engineering attacks such as fake login prompts or spoofed shell commands. This is a low-severity local vulnerability (CVSS 3.3) requiring user interaction, with a vendor-released patch available.
Escape sequence injection in Microsoft Power Apps versions prior to 3.26032.10.0 allows authenticated attackers with low privileges to bypass security controls and achieve remote code execution with high confidentiality, integrity, and availability impact across security boundaries. The vulnerability requires user interaction and affects Power Apps 1710 (build 9.2.23071.136 and earlier). EPSS score of 0.08% (23rd percentile) suggests low probability of mass exploitation despite critical CVSS 9.0 rating. Vendor patch available via Microsoft Security Response Center advisory.
OpenClaw versions 2026.2.13 through 2026.3.24 allow unauthenticated remote attackers to inject ANSI escape sequences into approval prompts and permission logs via malicious tool metadata, enabling spoofing of terminal output and manipulation of displayed information. The vulnerability requires user interaction (display of the approval prompt) and results in integrity impact only, with a CVSS score of 4.3. A vendor patch is available.
Mattermost's mmctl command-line administration tool fails to sanitize ANSI and OSC escape sequences embedded in user-generated post content, enabling authenticated low-privilege attackers to inject malicious terminal control codes when administrators export or query messages. Exploitation allows screen manipulation, fake prompt injection, and clipboard hijacking against administrators running mmctl commands, potentially leading to secondary code execution if administrators are tricked into running injected commands. The CISA SSVC assessment indicates no current exploitation and a non-automatable attack requiring high complexity and user interaction, but with "total" technical impact potential.
An improper neutralization of escape, meta, or control sequences vulnerability (CWE-150) affects QNAP QHora/QuRouter devices, allowing local attackers with administrator privileges to cause unexpected behavior through injection of unfiltered control sequences. The vulnerability has been patched in QuRouter version 2.6.3.009 and later. While no CVSS score, EPSS probability, or KEV/POC data are currently published, the requirement for local administrator access significantly limits exploitation scope in typical deployments.
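Every entry above is the same defect (CWE-150) in a different tool: untrusted text (branch names, file paths, workflow logs, PDF metadata, chat posts, tool metadata) is written to a terminal without neutralizing ESC-introduced sequences. The following is an added example, not code from any of the projects listed, showing the check a defender wants on that boundary: a sanitizer that removes CSI sequences (ESC [ ... final byte), OSC sequences (ESC ] ... BEL or ESC \, which is where OSC 8 hyperlinks, OSC 52 clipboard writes and OSC 0/2 window-title changes live), other two-byte ESC sequences such as ESC c, and 8-bit C1 controls, then renders any remaining C0 control characters in caret notation so a reader can see that something was there. The sample branch name and log line are constructed for the example and are not taken from any advisory.

```python
"""Neutralize terminal control sequences in untrusted text before it reaches a terminal.

Added example, not code from any project above. Sequence classes handled:
  CSI  : ESC [ (or 0x9B) params/intermediates 0x20-0x3F, final byte 0x40-0x7E
  OSC  : ESC ] (or 0x9D) payload, terminated by BEL, ESC \\ or 0x9C
  other: ESC, optional intermediates 0x20-0x2F, final byte 0x30-0x7E (e.g. ESC c)
"""
import re

_CSI = r"(?:\x1b\[|\x9b)[\x20-\x3f]*[\x40-\x7e]"
# An unterminated OSC is consumed up to the next ESC or end of string: safer to drop
# too much than to let the terminal keep parsing a half-open payload.
_OSC = r"(?:\x1b\]|\x9d)[^\x07\x1b\x9c]*(?:\x07|\x1b\\|\x9c)?"
_ESC_OTHER = r"\x1b[\x20-\x2f]*[\x30-\x7e]"
_SEQ_RE = re.compile(f"{_CSI}|{_OSC}|{_ESC_OTHER}")
_C1_RE = re.compile(r"[\x80-\x9f]")


def strip_escape_sequences(text: str) -> str:
    """Remove CSI, OSC and other ESC-introduced sequences, plus raw C1 control code points."""
    return _C1_RE.sub("", _SEQ_RE.sub("", text))


def sanitize_for_terminal(text: str, keep: str = "\n\t") -> str:
    """Strip escape sequences, then show leftover C0 controls and DEL in caret notation
    (BEL -> ^G, CR -> ^M) so nothing reaches the terminal's control parser unseen."""
    out = []
    for ch in strip_escape_sequences(text):
        code = ord(ch)
        if ch in keep:
            out.append(ch)
        elif code < 0x20:
            out.append("^" + chr(code ^ 0x40))
        elif code == 0x7F:
            out.append("^?")
        else:
            out.append(ch)
    return "".join(out)


def contains_control_sequences(text: str, keep: str = "\n\t") -> bool:
    """Detection helper: True when the text would be altered by sanitization."""
    return sanitize_for_terminal(text, keep) != text


# Constructed samples mimicking the classes described in the advisories above.
BRANCH_NAME = (
    "feature"
    "\x1b]8;;https://example.invalid\x07link\x1b]8;;\x07"  # OSC 8 hyperlink wrapping "link"
    "\x1b]52;c;aGVsbG8=\x07"                              # OSC 52 clipboard write (base64 "hello")
)
LOG_LINE = "build ok \x1b]0;fake-title\x07\x1b[2J\x1b[Hlogin: "  # title change, clear screen, home


def demo() -> dict:
    """Sanitize each constructed sample; returned values are what a terminal would now receive."""
    return {
        "branch": sanitize_for_terminal(BRANCH_NAME),   # "featurelink"
        "log": sanitize_for_terminal(LOG_LINE),         # "build ok login: "
        "bell": sanitize_for_terminal("ding\x07\r\n"),  # "ding^G^M\n"
    }


if __name__ == "__main__":
    for name, clean in demo().items():
        print(f"{name}: {clean!r}")
```

The hyperlink and clipboard payloads disappear entirely from the branch name, the clear-screen and cursor-home sequences are removed from the log line so the forged "login:" prompt stays inline with the real output, and a stray BEL or CR is made visible rather than executed. Placing `sanitize_for_terminal` (or an equivalent allow-list of printable characters) at the single point where external strings are formatted for output is the fix each of the advisories above amounts to; `contains_control_sequences` is the corresponding detection check for log or export pipelines.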