Vulnerability in Tabby Terminal Emulator Allows Execution of Dangerous Protocols
CVE-2026-45037

7.1HIGH

Key Information:

Vendor: Eugeny
Status: Tabby
Vendor: CVE Published:; 15 May 2026

What is CVE-2026-45037?

Tabby, a configurable terminal emulator, is susceptible to a vulnerability where it directly processes detected URIs through the operating system's protocol handler without appropriate validation. This flaw allows attackers to embed harmful SSH or Telnet commands that render as clickable links on the user's terminal, potentially leading to malicious actions executed on their system. The issue has been resolved starting from version 1.0.232.

Affected Version(s)

tabby < 1.0.232

References

https://github.com/Eugeny/tabby/security/advisories/GHSA-...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2026
Vulnerability Reserved
May 8, 2026

CVE-2026-45037 Data

JSON