CVE-2026-54056 | Severity: HIGH | CNA: GitHub_M

CVE-2026-54056: Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, `kitten dnd` can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote `text/uri-list` drops are staged in a temporary directory, but on case-sensitive filesystems duplicate remote basenames are not de-duplicated. An attacker can first create a staged symlink and then send a same-name regular-file entry. The regular-file write uses `utils.CreateAt()` / `openat(O_RDWR|O_CREAT|O_TRUNC)` without `O_NOFOLLOW`, so it follows the attacker-created symlink and writes outside the staging directory before final overwrite confirmation runs. This appears related in class to the file-transfer symlink advisory, but it is a different bug: it affects `kitten dnd` remote drag-and-drop staging, uses different vulnerable code (`kittens/dnd/drop.go` and `tools/utils/file_at_fd.go`), and reproduces on commit `4aa4a5c0567a92553a8c20a88a4352da637fca5d`, after the file-transfer `O_NOFOLLOW` fix. Version 0.47.2 patches the issue.
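As an added illustration of the flag pattern just described (constructed for this page; it is not kitty's `CreateAt` or `kitten dnd` code, and the `writeStagedUnsafe`, `writeStagedSafe` and `demo` helpers, the `payload.txt`/`outside.txt` names and the sample content are assumptions), the Go program below plants a symlink in a throwaway staging directory and then replays a same-basename regular-file entry through an `openat()` call with the advisory's flags and through a hardened call that adds `O_NOFOLLOW` and `O_CREAT|O_EXCL`. Everything happens inside a temporary directory that the program creates and removes.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// writeTo wraps a raw descriptor from openat and writes data through it.
func writeTo(fd int, name string, data []byte) error {
	f := os.NewFile(uintptr(fd), name)
	defer f.Close()
	_, err := f.Write(data)
	return err
}

// writeStagedUnsafe uses the flag pattern the advisory describes: openat with
// O_RDWR|O_CREAT|O_TRUNC and no O_NOFOLLOW, so a staged symlink under "name"
// is followed and the truncating write lands on its target. (Not kitty's code.)
func writeStagedUnsafe(dirfd int, name string, data []byte) error {
	fd, err := syscall.Openat(dirfd, name, syscall.O_RDWR|syscall.O_CREAT|syscall.O_TRUNC, 0o600)
	if err != nil {
		return err
	}
	return writeTo(fd, name, data)
}

// writeStagedSafe is the hardened form: O_NOFOLLOW refuses a symlink as the
// final path component and O_CREAT|O_EXCL refuses any existing name (Linux
// returns EEXIST without following links), so an earlier same-basename entry
// is never reused. The basename check stops names escaping the directory.
func writeStagedSafe(dirfd int, name string, data []byte) error {
	if name == "." || name == ".." || filepath.Base(name) != name {
		return fmt.Errorf("refusing staging entry %q: not a plain basename", name)
	}
	flags := syscall.O_WRONLY | syscall.O_CREAT | syscall.O_EXCL | syscall.O_NOFOLLOW | syscall.O_CLOEXEC
	fd, err := syscall.Openat(dirfd, name, flags, 0o600)
	if err != nil {
		return fmt.Errorf("stage %q: %w", name, err)
	}
	return writeTo(fd, name, data)
}

const original = "important data\n" // constructed content of the outside file
// demoResult holds the outside file's content after each writer, and the hardened writer's error.
type demoResult struct {
	AfterSafe   string
	SafeErr     error
	AfterUnsafe string
}

// demo builds a throwaway tree (outside file, staging directory, staged symlink
// "payload.txt" pointing at the outside file as entry 1), then replays a same-name
// regular-file entry (entry 2) through the hardened writer and then the unsafe one.
func demo() (demoResult, error) {
	var r demoResult
	root, err := os.MkdirTemp("", "dnd-staging-demo-")
	if err != nil {
		return r, err
	}
	defer os.RemoveAll(root)
	outside := filepath.Join(root, "outside.txt")
	staging := filepath.Join(root, "staging")
	// Setup runs left to right: directory, victim file, then the entry-1 symlink.
	if err := errors.Join(os.Mkdir(staging, 0o700),
		os.WriteFile(outside, []byte(original), 0o600),
		os.Symlink(outside, filepath.Join(staging, "payload.txt"))); err != nil {
		return r, err
	}
	dirfd, err := syscall.Open(staging, syscall.O_RDONLY|syscall.O_DIRECTORY, 0)
	if err != nil {
		return r, err
	}
	defer syscall.Close(dirfd)
	// Entry 2, hardened writer: refused with EEXIST, outside file untouched.
	r.SafeErr = writeStagedSafe(dirfd, "payload.txt", []byte("X"))
	b, err := os.ReadFile(outside)
	if err != nil {
		return r, err
	}
	r.AfterSafe = string(b)
	// Entry 2, unsafe writer: the link is followed and the outside file is truncated.
	if err := writeStagedUnsafe(dirfd, "payload.txt", []byte("X")); err != nil {
		return r, err
	}
	if b, err = os.ReadFile(outside); err != nil {
		return r, err
	}
	r.AfterUnsafe = string(b)
	return r, nil
}

func main() {
	r, err := demo()
	fmt.Printf("hardened: outside=%q refused=%v; unsafe: outside=%q; err=%v\n", r.AfterSafe, r.SafeErr, r.AfterUnsafe, err)
}
```

The de-duplication point in the advisory is what `O_EXCL` addresses: a basename already present in the staging directory, whether as a link or as a regular file, is rejected rather than reopened, and the check is made atomically by the kernel instead of by a userspace name comparison. Checking the result with `errors.Is(err, syscall.EEXIST)` lets the receiver tell a duplicate entry apart from other failures and abort the whole drop before any confirmation prompt is reached.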

Metrics

CVSS v3.1: 7.6
Severity: HIGH
Fixed in: not listed
Affected Products: 1


HarborGuard Analysis

Synopsis

This is a symlink-following arbitrary file overwrite vulnerability in the Kitty terminal emulator (versions 0.47.0 and 0.47.1). A network-reachable attacker with a low-privilege account who can get the local user to accept a remote drag-and-drop operation can place a crafted symlink in the staging directory, then send a same-named regular-file entry; because the write path uses openat without O_NOFOLLOW, it follows the symlink and overwrites or truncates any file the local Kitty user can write. Successful exploitation gives the attacker the ability to corrupt or destroy arbitrary local files and degrade service availability. No fix version has been published yet; HarborGuard tracks the upstream advisory and will make a patched-image rebuild available the moment a fix is released.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: CVE-2026-54056 is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Kitty 0.47.0 or 0.47.1. Any image in a customer registry or CI pipeline containing an affected version is flagged immediately on the next scan cycle.
Triage: Available

HarborGuard scores this CVE at CVSS 7.6 HIGH and weighs it against each environment's compliance policy to determine urgency and escalation path. Findings are routed to the appropriate team inbox within each customer organization based on configured ownership rules.
Patch: Pending upstream

Because no upstream fix has been published yet, HarborGuard re-evaluates the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment version 0.47.2 or a later fix is released upstream. For customers who opt into auto-remediation, the rebuild, regression test run, and pull request against affected workloads will be triggered without manual intervention once the fix version appears.

Exploit Conditions

  • Network reachability: Required

    The attacker controls a remote drag-and-drop source reachable over the network and must be able to initiate a drop session to the target Kitty instance.

  • Authentication: Required

    The attacker must hold at least a low-privilege account or equivalent session context capable of acting as the remote drag-and-drop source; no anonymous access path is described.

  • Victim interaction: Required

    The local Kitty user must accept or initiate the drag-and-drop session, giving the attacker the opportunity to stage the malicious symlink and file entry.

  • Attack complexity: Low

    Attack complexity is low: once the victim accepts the drop, the exploit is reliable and needs only two crafted entries sent in sequence, with no race condition or memory-layout dependency.

Blast Radius

  • The attacker overwrites or truncates arbitrary files writable by the local Kitty user, including configuration files, credentials, or application data on the host.
  • Truncation of critical files (such as database files or application state) degrades or crashes dependent services running as the same user.
  • Overwriting executable scripts or configuration files in user-controlled paths can set the stage for follow-on privilege escalation or persistent tampering.

How HarborGuard Handles This

Available on HarborGuard: this CVE is tracked continuously against all customer images containing Kitty 0.47.0 or 0.47.1, including custom-built images. Because no upstream fix has been published, HarborGuard monitors the advisory on every ingest cycle and will make a patched-image rebuild available the moment version 0.47.2 (or a superseding release) appears upstream. For customers who opt into auto-remediation, the rebuild, regression test run, and pull request against affected workloads will be triggered automatically without manual follow-up. While no patch is available, compensating controls include network-policy isolation to restrict which remote sources can initiate drag-and-drop sessions, egress filtering at the container or host level to limit exposure of the Kitty process, and disabling or gating the kitten dnd feature via Kitty configuration (setting allowed_dnd_sources or equivalent policy) where that control is available in the deployed version.

Affected packages
  • kovidgoyal / kitty
    >= 0.47.0, < 0.47.2
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L