Description
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. The ZModemMiddleware in tabby-terminal consumes all session output through a Zmodem.Sentry, and when a ZMODEM ZRQINIT header is detected, unconditionally calls detection.confirm() and writes a fixed ZRINIT response (**\x18B0100000023be50\r\n\x11) back into the active PTY as input. When the process that triggered the detection (e.g., cat) exits, the injected bytes are consumed by the user's shell as a command line. Under fish (default configuration), the ** prefix triggers recursive glob expansion against the current directory, allowing an attacker-placed executable at a matching nested path (e.g., d/xB0100000023be50) to be executed by relative pathname without relying on PATH. Under bash and zsh, a secondary xterm.js terminal color-query response (OSC 10) can be combined in the same file to inject a slash-containing command word that similarly bypasses PATH resolution. An attacker can exploit this by providing a crafted file (e.g., in a cloned Git repository) that a user displays with cat, achieving code execution with no interaction beyond viewing the file. This vulnerability is fixed in 1.0.233.
Published: 2026-05-15
Score: 7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Tabby automatically confirms ZMODEM protocol detection upon seeing a ZRQINIT header and sends a fixed ZRINIT response directly to the PTY. Once the displaying process exits, the injected bytes are consumed by the user's shell as command input. In fish, the leading ** prefix triggers recursive glob expansion that can execute an attacker-placed file in a nested directory; in bash or zsh, an OSC 10 colour-query response can supply a slash-containing command word that bypasses PATH resolution. An attacker can supply a crafted file, and the user's shell runs the embedded command with that user's effective privileges, achieving arbitrary code execution without any interaction beyond viewing the file. This is a classic CWE-78 issue: command injection via untrusted input passed through the terminal.

Affected Systems

The vulnerability exists in Tabby (formerly Terminus), a terminal emulator from Eugeny. All versions prior to 1.0.233 are affected; upgrades to 1.0.233 or later contain the fix.

Risk and Exploitability

The vulnerability carries a CVSS 3.1 base score of 7 (High; vector AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). No EPSS score is reported and the issue is not listed in the CISA KEV catalog, so there is no evidence of in-the-wild exploitation, although the SSVC record marks the exploitation status as "poc". The attack vector is local: an attacker must supply or host a file in the user's environment (for example inside a repository the user clones), then have the user display it in Tabby with a command such as cat. No network exploitation or privilege escalation is required beyond running the vulnerable Tabby instance; the injected command runs with the user's own privileges.

Generated by OpenCVE AI on May 15, 2026 at 18:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Tabby to version 1.0.233 or higher, which disables the unconditional ZMODEM confirmation.
  • If upgrading immediately is not possible, configure Tabby to disable ZMODEM auto‑confirmation (for example, set the ZMODEM middleware option to false or remove the middleware from the session configuration).
  • Be aware that changing shells is not a complete mitigation: fish is affected through its default recursive ** glob expansion, but the description notes that bash and zsh are also exploitable when the file additionally contains an OSC 10 colour-query sequence.
  • Never display files from untrusted sources using cat or similar commands while Tabby is running; inspect file contents first with a viewer that renders control bytes visibly instead of passing them to the terminal (for example cat -v, or less without the -r/-R options), or scan the file for ZMODEM header and OSC sequences before rendering it.
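The description above explains that the trigger is a ZMODEM ZRQINIT hex header (`**` ZDLE `B` followed by the frame type) in displayed output, optionally combined with an xterm OSC 10 colour query on bash and zsh. The following is an added example, not code from the Tabby project or from OpenCVE, of the pre-display check recommended in the last bullet: it scans a file's bytes for those two kinds of sequence and reports what it finds. The header layout and frame-type table are taken from the public ZMODEM specification; the OSC 10 query form (`ESC ] 10 ; ?` terminated by BEL or ESC `\`) is the standard xterm form; the sample file contents are constructed for the demonstration.

```python
"""Scan a file for terminal control sequences a terminal emulator might act on
before the file is displayed.  Added example for the Tabby ZMODEM issue; not
Tabby's own code.  Signatures follow the public ZMODEM specification and the
xterm OSC 10 colour query; SAMPLE below is constructed data."""
import re
import sys
from dataclasses import dataclass

ZDLE = b"\x18"
# ZMODEM header openers: ZPAD ZPAD ZDLE ZHEX for hex headers,
# ZPAD ZDLE ZBIN / ZPAD ZDLE ZBIN32 for binary headers.
ZHEX_HEADER = b"**" + ZDLE + b"B"
ZBIN_HEADERS = (b"*" + ZDLE + b"A", b"*" + ZDLE + b"C")

# Frame-type byte (hex-encoded in hex headers, raw in binary headers).
FRAME_TYPES = {
    0: "ZRQINIT", 1: "ZRINIT", 2: "ZSINIT", 3: "ZACK", 4: "ZFILE", 5: "ZSKIP",
    6: "ZNAK", 7: "ZABORT", 8: "ZFIN", 9: "ZRPOS", 10: "ZDATA", 11: "ZEOF",
    12: "ZFERR", 13: "ZCRC", 14: "ZCHALLENGE", 15: "ZCOMPL", 16: "ZCAN",
    17: "ZFREECNT", 18: "ZCOMMAND", 19: "ZSTDERR",
}

# xterm OSC 10 foreground-colour query: ESC ] 10 ; ? then BEL or ESC \ (ST).
OSC10_QUERY = re.compile(rb"\x1b\]10;\?(?:\x07|\x1b\\)")


@dataclass(frozen=True)
class Finding:
    offset: int   # byte offset in the scanned data
    kind: str     # which class of sequence matched
    detail: str   # frame-type name or short explanation


def _frame_name(ftype):
    return FRAME_TYPES.get(ftype, f"type {ftype}")


def scan_bytes(data: bytes) -> list:
    """Return all ZMODEM header openers and OSC 10 queries found in data."""
    findings = []
    pos = 0
    while (idx := data.find(ZHEX_HEADER, pos)) != -1:
        type_hex = data[idx + 4:idx + 6]          # two hex digits after "**\x18B"
        try:
            detail = _frame_name(int(type_hex, 16))
        except ValueError:                        # truncated or non-hex type field
            detail = "malformed type field"
        findings.append(Finding(idx, "zmodem-hex-header", detail))
        pos = idx + len(ZHEX_HEADER)
    for opener in ZBIN_HEADERS:
        pos = 0
        while (idx := data.find(opener, pos)) != -1:
            if idx + 3 < len(data):
                detail = _frame_name(data[idx + 3])  # raw type byte
            else:
                detail = "truncated header"
            findings.append(Finding(idx, "zmodem-binary-header", detail))
            pos = idx + len(opener)
    for m in OSC10_QUERY.finditer(data):
        findings.append(Finding(m.start(), "osc10-color-query",
                                "terminal asked to echo its foreground colour"))
    return sorted(findings, key=lambda f: f.offset)


def scan_file(path: str) -> list:
    with open(path, "rb") as fh:
        return scan_bytes(fh.read())


# Constructed sample: a README-like file carrying a ZRQINIT hex header and an
# OSC 10 query, the two ingredients the advisory describes.
SAMPLE = (b"README\n"
          + b"**\x18B00000000000000\r\n\x11"   # ZRQINIT (type 00) hex header
          + b"\x1b]10;?\x07"                  # OSC 10 foreground-colour query
          + b"end\n")

if __name__ == "__main__":
    findings = scan_file(sys.argv[1]) if len(sys.argv) > 1 else scan_bytes(SAMPLE)
    for f in findings:
        print(f"offset {f.offset}: {f.kind} ({f.detail})")
    if findings:
        print("do not cat this file in a terminal that auto-confirms ZMODEM")
```

Run it as `python scan.py path/to/file` on a file you are about to display, or with no argument to scan the embedded sample. Matching on the full `**` ZDLE `B` opener rather than on `**` alone keeps ordinary Markdown bold markers out of the results; the ZRINIT bytes quoted in the description are flagged the same way as a ZRQINIT, since both are hex headers that differ only in the type field.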


Advisories

No advisories yet.

History

Fri, 15 May 2026 18:15:00 +0000

Type      Values Removed   Values Added
Metrics   (none)           ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 15 May 2026 17:15:00 +0000

Type          Values Removed   Values Added
Description   (none)           Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. The ZModemMiddleware in tabby-terminal consumes all session output through a Zmodem.Sentry, and when a ZMODEM ZRQINIT header is detected, unconditionally calls detection.confirm() and writes a fixed ZRINIT response ( **\x18B0100000023be50\r\n\x11) back into the active PTY as input. When the process that triggered the detection (e.g., cat) exits, the injected bytes are consumed by the user's shell as a command line. Under fish (default configuration), the ** prefix triggers recursive glob expansion against the current directory, allowing an attacker-placed executable at a matching nested path (e.g., d/xB0100000023be50) to be executed by relative pathname without relying on PATH. Under bash and zsh, a secondary xterm.js terminal color-query feedback (OSC 10) can be combined in the same file to inject a slash-containing command word that similarly bypasses PATH resolution. An attacker can exploit this by providing a crafted file (e.g., in a cloned Git repository) that a user displays with cat, achieving code execution with no interaction beyond viewing the file. This vulnerability is fixed in 1.0.233.
Title         (none)           Tabby auto-confirms ZMODEM detection on terminal output, leading to shell command execution from displayed file content under fish, bash, and zsh
Weaknesses    (none)           CWE-78
References    (none)           (none)
Metrics       (none)           cvssV3_1: {'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T17:38:49.149Z

Reserved: 2026-05-08T18:07:27.340Z

Link: CVE-2026-45036

Vulnrichment

Updated: 2026-05-15T17:38:38.048Z

NVD

Status : Received

Published: 2026-05-15T17:16:48.487

Modified: 2026-05-15T18:16:25.953

Link: CVE-2026-45036

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T18:30:05Z

Weaknesses