Command Injection Vulnerability in Kitty Terminal by Kovid Goyal
CVE-2026-42850
7.4HIGH
What is CVE-2026-42850?
Kitty Terminal, a cross-platform GPU-accelerated terminal, has a vulnerability that allows command injection through its error handling mechanism prior to version 0.47.0. By leveraging specific escape codes, an attacker can inject commands into the shell environment when a victim connects to a malicious netcat instance. This allows for execution of arbitrary commands on the victim's machine, posing a serious risk to system integrity. Users should upgrade to version 0.47.0 or later to mitigate this security risk.
Affected Version(s)
kitty < 0.47.0
