CVE-2026-54057

Kitty is a cross-platform GPU based terminal

Published: 2026-06-12 · Last updated: 2026-06-12

Severity and scoring

CWE: CWE-150, CWE-94

Description

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 (color-control) query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-54057
[Other]https://github.com/kovidgoyal/kitty/security/advisories/GHSA-5gmr-9gwg-hhq6

Related CVEs

Same CWE

CVE-2026-12176 — A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 (4.3 MEDIUM)
CVE-2026-12130 — A security flaw has been discovered in CodeAstro Human Resource Management System 1.0 (3.5 LOW)
CVE-2026-12129 — A vulnerability was identified in CodeAstro Human Resource Management System 1.0 (3.5 LOW)
CVE-2026-42890 — Actual is an open-source personal finance application
CVE-2026-42851 — Kitty is a cross-platform GPU based terminal (7.8 HIGH)