Description
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted terminal output containing dangerous protocol URIs which Tabby renders as clickable links, triggering arbitrary OS protocol handlers on the victim's machine. This vulnerability is fixed in 1.0.232.
Published: 2026-05-15
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Tabby’s terminal linkifier forwards any detected URI directly to the operating system’s protocol handler without restriction on the protocol scheme. When a terminal session receives malicious output from a compromised SSH or Telnet server, the attacker can embed dangerous protocol URIs that Tabby renders as clickable links, causing the victim’s OS to invoke arbitrary handlers. This allows the execution of arbitrary commands or software via the victim’s local machine, effectively delivering remote code execution. The weakness is characterized by CWE-184 (Plain Text Absolute Path Traversal) and CWE-601 (URL Redirection Through Link Manipulation).

Affected Systems

The vulnerability affects versions of Tabby (formerly Terminus) before 1.0.232. Users running any prior release of the Tabby terminal emulator are susceptible. Updates equal to or newer than 1.0.232 contain the fix.

Risk and Exploitability

With a CVSS score of 7.1, the vulnerability is considered high severity. The EPSS score is not available, but the lack of a KEV listing suggests no known exploitation campaigns yet. The attack vector requires a malicious SSH or Telnet server to send crafted terminal output; thus anyone operating such a server or compromising one can target any Tabby user who connects to it. If exploited, the victim gains the ability to launch commands under their own user privileges by leveraging the OS’s protocol handlers.

Generated by OpenCVE AI on May 15, 2026 at 18:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Tabby to the latest version (1.0.232 or later).
  • If an upgrade is not possible, disable the linkification feature or configure it to allow only trusted protocol schemes.
  • Avoid connecting to untrusted SSH or Telnet servers, and verify server authenticity before establishing a session.

Generated by OpenCVE AI on May 15, 2026 at 18:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 17:15:00 +0000

Type Values Removed Values Added
Description Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted terminal output containing dangerous protocol URIs which Tabby renders as clickable links, triggering arbitrary OS protocol handlers on the victim's machine. This vulnerability is fixed in 1.0.232.
Title Tabby: Unsafe protocol handler execution via terminal linkifier allows arbitrary OS protocol invocation
Weaknesses CWE-184
CWE-601
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T17:49:42.531Z

Reserved: 2026-05-08T18:07:27.340Z

Link: CVE-2026-45037

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-15T17:16:48.623

Modified: 2026-05-15T17:16:48.623

Link: CVE-2026-45037

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T18:30:05Z

Weaknesses