Terminal Escape Sequence Injection in GitHub CLI
CVE-2026-45803

3.5LOW

Key Information:

Vendor: Cli
Status: Cli
Vendor: CVE Published:; 15 May 2026

What is CVE-2026-45803?

A security issue has been identified in GitHub CLI that could allow terminal escape sequence injection. When users view GitHub Actions workflow logs using specific commands, the tool does not properly sanitize terminal control sequences, enabling attackers to embed escape sequences in the log output. If this content is modified by a malicious user, it could manipulate terminal behavior, such as changing window titles or potentially executing arbitrary commands in certain terminal environments. This vulnerability has been addressed in the latest version of GitHub CLI.

Affected Version(s)

cli >= 1.6.0, < 2.92.0

References

https://github.com/cli/cli/security/advisories/GHSA-crc3-...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-45803 Data

JSON

Cli

What is CVE-2026-45803?

Affected Version(s)

References

CVSS V3.1

Timeline