PT-2026-39314 · Tabby · Tabby
Published
2026-05-08
·
Updated
2026-05-19
·
CVE-2026-45038
CVSS v4.0
8.4
High
| Vector | AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Tabby versions prior to 1.0.233
Description
Tabby, a configurable terminal emulator, contains a command injection flaw in its drag-and-drop functionality. The application fails to escape control characters from file paths when a file is dragged and dropped into the terminal, which can lead to arbitrary code execution.
Recommendations
Update to version 1.0.233.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tabby