HarborGuard Database
CVE-2026-54057 · Severity: HIGH · CNA: GitHub_M

CVE-2026-54057: Kitty vulnerable to command injection via unsanitized OSC 21 query reply

Kitty is a cross-platform GPU-based terminal. In versions prior to 0.47.3, kitty's OSC 21 (color-control) query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue.

Metrics

CVSS v4.0 score: 7.3
Severity: HIGH
Fixed in: 0.47.3 (per the upstream advisory)
Affected products: 1


HarborGuard Analysis

Synopsis

Command injection via an unsanitized OSC 21 query reply affects kitty, a GPU-accelerated cross-platform terminal emulator. When kitty answers an OSC 21 color-control query it writes the reply to the shell's input as if the user had typed it; before 0.47.3 that reply reflected attacker-controlled bytes from the query verbatim, newlines included. A newline delivered to the shell's input is an Enter keypress, so whatever precedes it is submitted as a command. The attack vector is local and requires no account, but it does require the victim to render attacker-controlled output in a vulnerable kitty session, typically by opening a crafted file or fetching content that emits the escape sequence into the terminal. Successful exploitation yields arbitrary command execution as the victim user, which is why the vector rates confidentiality, integrity and availability impact as high. The upstream advisory names 0.47.3 as the fixed version; HarborGuard tracks the advisory and makes a patched-image rebuild available once that release is resolvable from upstream.

HarborGuard Coverage

Detection (status: Available)

Detection of CVE-2026-54057 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle the kitty terminal. No manual feed subscription is needed on the customer side.
Triage (status: Available)

HarborGuard scores this finding at 7.3 HIGH using the provided CVSS v4.0 vector and weights it against each environment's compliance policy to determine urgency and routing. Findings are dispatched automatically to the team inbox or ticketing integration configured for the affected workload within each customer organization.
Patch (status: Pending upstream)

The upstream advisory names kitty 0.47.3 as the fixed version, and the affected range is every release below it. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available as soon as 0.47.3 or later is resolvable from kovidgoyal/kitty. For customers with auto-remediation enabled, a rebuild, regression run, and PR against affected workloads will be triggered automatically at that point.

Exploit Conditions

  • Network reachability: Not required

    The vulnerable code path is kitty's handling of bytes written to its own display, so no network path to kitty is needed. The attacker only needs a way to get the crafted sequence onto the victim's terminal: a file the victim views, or the output of a command the victim runs against attacker-controlled content.

  • Authentication: Not required

    No account or credential of any privilege level is needed to deliver the malicious OSC 21 escape sequence.

  • Victim interaction: Required

    The victim must render attacker-controlled output in a kitty session, for example by opening a crafted file or fetching content that emits the malicious escape sequence into the terminal.

  • Attack complexity: Low, with attack requirements present (AT:P)

    Exploitation depends on conditions outside the attacker's control, namely a vulnerable kitty version rendering the victim's active session, but once those hold it is deterministic: no memory-layout knowledge or race condition is involved.

Blast Radius

  • Reads files, environment variables, shell history, and session tokens accessible to the victim user's shell process.
  • Executes arbitrary shell commands under the victim user's identity, modifying or deleting files and persisted data the user can reach.
  • Crashes or hijacks the active terminal session, disrupting the victim's running processes and workflows.

How HarborGuard Handles This

Available on HarborGuard: this CVE is tracked across all customer image scans, with matching running continuously against every image that includes the kitty binary. The upstream advisory names 0.47.3 as the fixed version; the patched-image rebuild is pending until that release is resolvable from kovidgoyal/kitty on an ingest cycle, after which the rebuild becomes available automatically. For customers with auto-remediation enabled, that rebuild is followed by a regression run and a PR opened against affected workloads. In the meantime, the compensating controls that actually address this vector concern the content that reaches the terminal rather than the network: confirm affected hosts with `kitty --version`; do not `cat` untrusted files or logs directly into an interactive kitty session, and view them instead with `less` or `cat -v`, both of which render escape bytes visibly instead of passing them through to the terminal; restrict which sources of output are rendered in interactive kitty sessions; and, where operationally feasible, use a terminal emulator that does not answer OSC 21 queries until the patched version is deployed. Network-policy isolation of workloads that happen to contain kitty does not close this path on its own, because the malicious bytes arrive as terminal output, not over a connection to kitty.
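To make both the mechanism described in the advisory text and the "inspect before you view" control above concrete, here is an added example written for this page; it is not kitty's code and nothing in it comes from the advisory or the project. The OSC 21 wire format it parses, `ESC ] 21 ; key=value ; key=? ST` with `?` marking a query, and the `key=rgb:..` reply shape are assumptions modeled on kitty's color-control protocol, not copies of it, and the sample bytes are constructed. `reply_unsanitized` models the pre-0.47.3 behaviour of reflecting every queried key verbatim, `reply_sanitized` refuses keys carrying C0 or DEL bytes, `shell_lines` shows what a line-buffered shell would submit from each reply, and `scan_untrusted` is the pre-view check that flags OSC 21 queries whose keys carry control bytes.

```python
import re

# Constructed sample: bytes an attacker could place in a file the victim later
# cats into a kitty session. One benign OSC 21 query, one whose query key
# smuggles a newline-terminated command. Not a payload from the advisory.
BENIGN = b"\x1b]21;background=?\x1b\\"
MALICIOUS = b"\x1b]21;x\nid\n=?\x1b\\"
SAMPLE = b"hello\n" + BENIGN + b"\nworld\n" + MALICIOUS + b"\n"

# OSC: ESC ] <number> ; <payload> terminated by BEL or ST (ESC \).
# DOTALL so a payload with embedded newlines is still captured whole.
OSC_RE = re.compile(rb"\x1b\](\d+);(.*?)(?:\x07|\x1b\\)", re.DOTALL)
C0_OR_DEL = set(range(0x00, 0x20)) | {0x7F}


def find_osc(data: bytes) -> list[tuple[int, bytes]]:
    """Return (osc_number, payload) for every OSC sequence in data."""
    return [(int(m.group(1)), m.group(2)) for m in OSC_RE.finditer(data)]


def osc21_query_keys(payload: bytes) -> list[bytes]:
    """Assumed OSC 21 grammar: ';'-separated key=value items; value '?' is a query."""
    keys = []
    for item in payload.split(b";"):
        key, sep, value = item.partition(b"=")
        if sep and value == b"?":
            keys.append(key)
    return keys


def has_control_bytes(b: bytes) -> bool:
    """True if any C0 control byte (0x00-0x1f) or DEL (0x7f) is present."""
    return any(c in C0_OR_DEL for c in b)


def _build_reply(keys: list[bytes]) -> bytes:
    # Assumed reply shape; the colour value is a fixed placeholder.
    if not keys:
        return b""
    body = b";".join(k + b"=rgb:00/00/00" for k in keys)
    return b"\x1b]21;" + body + b"\x1b\\"


def reply_unsanitized(payload: bytes) -> bytes:
    """Model of the pre-0.47.3 behaviour: each queried key is reflected verbatim."""
    return _build_reply(osc21_query_keys(payload))


def reply_sanitized(payload: bytes) -> bytes:
    """Hardened model: keys carrying C0/DEL bytes are dropped, never reflected."""
    keys = [k for k in osc21_query_keys(payload) if not has_control_bytes(k)]
    return _build_reply(keys)


def shell_lines(reply: bytes) -> list[bytes]:
    """What a line-buffered shell submits: every newline-terminated chunk of input."""
    return reply.split(b"\n")[:-1]


def scan_untrusted(data: bytes) -> list[list[bytes]]:
    """Pre-view check: list the OSC 21 queries whose keys contain control bytes."""
    findings = []
    for number, payload in find_osc(data):
        if number != 21:
            continue
        bad = [k for k in osc21_query_keys(payload) if has_control_bytes(k)]
        if bad:
            findings.append(bad)
    return findings


if __name__ == "__main__":
    for number, payload in find_osc(SAMPLE):
        print("query keys:", osc21_query_keys(payload))
        print("vulnerable shell would run:", shell_lines(reply_unsanitized(payload)))
        print("hardened shell would run:  ", shell_lines(reply_sanitized(payload)))
    print("flagged before viewing:", scan_untrusted(SAMPLE))
```

Run against the constructed sample, the unsanitized reply to the malicious query hands the shell two complete lines, the second of which is `id`; the sanitized reply hands it nothing, and `scan_untrusted` flags the file before it is ever displayed. The shell model is deliberately simple (it ignores line editing), but the property that matters, a newline in the reply submitting a command, holds for any line-disciplined pty.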

Affected packages
  • kovidgoyal / kitty: < 0.47.3

CVSS vector
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N