CVE-2026-42850: Kitty has a shell command injection
Kitty is a cross-platform GPU-based terminal emulator. In versions prior to 0.47.0, it is possible to inject commands into the running shell through a kitty error response. A specially crafted escape code makes kitty return an error; this error is not escaped and is echoed back to the terminal terminated by CRLF, so it is executed by the shell in use. To exploit this bug, the victim must use netcat or a similar program to connect to the attacker, or must be listening for someone to connect. Once this condition is met, an attacker can take control of the victim's computer with a special kitty escape code that runs a command in the shell in use. Version 0.47.0 fixes the issue.
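The mechanism described above is a general class of terminal bug: a reply the terminal writes back in response to a query lands in the same input stream the foreground shell is reading, and if that reply contains CR or LF the shell treats it as a completed command line. The following added example (illustrative code, not kitty's own source or protocol) shows the vulnerable reflection pattern next to the hardened one and simulates what a line-oriented shell reader would see in each case. The framing used for the safe reply (OSC ... ST) and the error payload are constructed for the demonstration.

```python
"""Added example: why a terminal reply containing CR/LF is dangerous, and the
defensive rule of escaping control characters before the reply is written back
to the pty that the shell is reading from. Not kitty's code."""

import re

# Any C0 control (0x00-0x1f), DEL (0x7f) or C1 control (0x80-0x9f) inside a
# reply is a hazard: CR/LF complete a shell command line and ESC opens a new
# escape sequence that can break out of the frame the terminal intended.
_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def escape_controls(text: str) -> str:
    """Replace each control character with a visible '\\xNN' token."""
    return _CONTROL.sub(lambda m: f"\\x{ord(m.group()):02x}", text)


def unsafe_reply(error_text: str) -> str:
    """Vulnerable pattern: the error message is reflected verbatim and the
    reply is terminated by CRLF, so any text the requester controls reaches
    the shell exactly as if the user had typed it and pressed Enter."""
    return f"error: {error_text}\r\n"


def safe_reply(error_text: str) -> str:
    """Hardened pattern: the message is control-escaped and wrapped in a fixed
    escape-sequence frame (OSC ... ST; a generic form chosen for this example,
    not kitty's protocol), so no byte in the reply can end a command line or
    open a second sequence."""
    return "\x1b]error;" + escape_controls(error_text) + "\x1b\\"


def lines_seen_by_shell(reply: str) -> list[str]:
    """Simulate a line-oriented reader: every CR, LF or CRLF completes a
    command line. Returns the complete lines the shell would try to run;
    a trailing fragment without a terminator is not a command yet."""
    return re.split(r"\r\n|\r|\n", reply)[:-1]


# Constructed sample: an "error message" that smuggles a second command line.
HOSTILE_MESSAGE = "unknown command\r\necho injected"


def demo() -> dict[str, list[str]]:
    """Compare what the shell sees for the vulnerable and hardened replies."""
    return {
        "unsafe": lines_seen_by_shell(unsafe_reply(HOSTILE_MESSAGE)),
        "safe": lines_seen_by_shell(safe_reply(HOSTILE_MESSAGE)),
    }


if __name__ == "__main__":
    for variant, lines in demo().items():
        print(f"{variant}: shell would execute {lines!r}")
```

With the vulnerable reply the shell receives two complete lines, the second of which is entirely attacker-chosen; with the hardened reply it receives none, because the only control bytes left in the output are the ESC-based frame delimiters the terminal itself emitted, and the smuggled CR/LF/ESC bytes have become printable `\xNN` text.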
Metrics
- CVSS v4.0: 7.4
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
Shell command injection in the Kitty GPU-based terminal emulator (kovidgoyal/kitty) allows an attacker to inject arbitrary shell commands through an unescaped error response triggered by a crafted escape code. Exploitation requires the victim to connect to an attacker-controlled host using netcat or a similar tool, and the attacker must also be in a position to deliver the malicious escape code over that connection. Successful exploitation gives the attacker full command execution in the victim's active shell session. No fix version has been published yet; HarborGuard tracks the advisory and will surface a patched-image rebuild as soon as an upstream fix is available.
HarborGuard Coverage
Detection (Available)
Detection of CVE-2026-42850 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Kitty. Any image carrying a vulnerable version of kovidgoyal/kitty below 0.47.0 is flagged immediately on ingest.
Triage (Available)
Triage capability is available with CVSS v4.0 scoring at 7.4 (HIGH), weighted against each customer environment's compliance policy to determine priority. Findings are routed to the appropriate team inbox within each customer organization based on configured severity thresholds and ownership rules.
Remediation (Pending upstream)
Because no fix version has been published upstream, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix is released. In the meantime, customers can use HarborGuard's compensating-control recommendations to reduce exposure while the vulnerability remains unpatched.
Exploit Conditions
- Network reachability: Required
The attacker must be reachable over the network: the victim must initiate an outbound connection to an attacker-controlled host using netcat or a similar utility, exposing the terminal session to the malicious escape code.
- Authentication: Not required
No authentication is required on the attacker's side; the attacker does not need any account or credential on the victim's system to deliver the malicious payload.
- Victim interaction: Required
The victim must actively connect to the attacker-controlled host using netcat or a similar tool, making this a social-engineering-dependent attack that requires deliberate victim participation.
- Attack complexity: High
Attack complexity is rated High, meaning specific preconditions must align: the victim must be running Kitty and must establish an outbound connection to the attacker at the right moment, introducing environmental dependencies beyond the attacker's direct control.
Blast Radius
- Reads files and data accessible to the victim's user account on the host, including environment variables, credentials, and SSH keys stored in the home directory.
- Executes arbitrary commands in the victim's active shell, allowing the attacker to install software, modify files, or pivot to other services the victim's account can reach.
- Achieves persistent access by writing authorized keys, cron jobs, or shell profile modifications under the victim's account.
How HarborGuard Handles This
Available on HarborGuard: detection of CVE-2026-42850 is active across customer registries and CI pipelines, flagging any image that bundles kovidgoyal/kitty below version 0.47.0. Because no upstream fix has been published, HarborGuard re-checks the advisory on every ingest cycle and will automatically make a patched-image rebuild available, with auto-remediation customers receiving a rebuilt image, a regression-test run, and a PR opened against affected workloads, as soon as a fix version is released. While the vulnerability remains unpatched, compensating controls worth considering include network-policy rules that block unexpected outbound connections from containers running Kitty (to reduce the chance of a victim inadvertently connecting to an attacker-controlled host), egress filtering on container workloads, and feature-flag gating to disable Kitty in environments where it is not strictly required. Customers should review which images carry Kitty as a bundled component, since the social-engineering dependency means risk is highest in developer or interactive-terminal workloads rather than headless services.
- kovidgoyal/kitty < 0.47.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N