Input Validation Flaw in Kitty Terminal from Kovid Goyal
CVE-2026-54057
7.3HIGH
What is CVE-2026-54057?
Kitty Terminal, a cross-platform GPU-based terminal, is affected by a vulnerability that arises from its OSC 21 (color-control) query reply feature. In versions prior to 0.47.3, this functionality fails to properly sanitize attacker-controlled input, potentially allowing malicious data, including newlines, to be injected into the shell's input. This issue could lead to unexpected behavior in the terminal environment, exposing users to security risks. Version 0.47.3 has been released to address and rectify this vulnerability.
Affected Version(s)
kitty < 0.47.3
