CVE-2026-26982

Name of the Vulnerable Software and Affected Versions Ghostty versions prior to 1.3.0

Description Ghostty allows control characters, such as 0x03 (Ctrl+C), within pasted or dropped text. These characters can be leveraged to execute arbitrary commands in certain shell environments. Successful exploitation requires an attacker to trick a user into copying and pasting or dragging and dropping malicious text. The dangerous characters are generally not visible in most graphical user interfaces, making detection difficult, particularly with complex strings.

Recommendations Update to Ghostty version 1.3.0 or later.