Remote Code Execution Vulnerability in Kitty Terminal by Kovid Goyal
CVE-2026-42851
7.8HIGH
What is CVE-2026-42851?
The Kitty Terminal, a versatile GPU-based terminal, is susceptible to a vulnerability where an attacker can execute arbitrary Python code. Users can trigger this issue by sending crafted data to the terminal, allowing unauthorized command execution within the Kitty process itself. No user consent or system permissions are required to exploit this vulnerability, meaning that commands can run with full user privileges. This serious oversight poses a significant risk to users, especially if they handle untrusted remote SSH connections or process external content within the terminal. The issue is addressed in version 0.47.0.
Affected Version(s)
kitty < 0.47.0
