CVE-2026-45037 — HIGH (7.1)

Q: How severe is CVE-2026-45037?

CVE-2026-45037 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-45037?

Check the references section above for vendor advisories and patch information. Affected products include: Tabby Tabby.

Vulnerability Description

Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted terminal output containing dangerous protocol URIs which Tabby renders as clickable links, triggering arbitrary OS protocol handlers on the victim's machine. This vulnerability is fixed in 1.0.232.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Tabby	Tabby	< 1.0.232

Related Weaknesses (CWE)

CWE-601 CWE-184

References

https://github.com/Eugeny/tabby/security/advisories/GHSA-cmpc-v2x9-j9x9MitigationVendor AdvisoryPatch

FAQ

What is CVE-2026-45037?

CVE-2026-45037 is a vulnerability with a CVSS score of 7.1 (HIGH). Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without v...

How severe is CVE-2026-45037?

CVE-2026-45037 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-45037?

Check the references section above for vendor advisories and patch information. Affected products include: Tabby Tabby.