Tabby: Unsafe protocol handler execution via terminal linkifier allows arbitrary...

7.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Description

Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted terminal output containing dangerous protocol URIs which Tabby renders as clickable links, triggering arbitrary OS protocol handlers on the victim's machine. This vulnerability is fixed in 1.0.232.

Basic Information

ID CVE-2026-45037

Source GitHub_M

Published May 15, 2026 at 16:40

Affected Product

Vendor Eugeny

Product tabby

Version < 1.0.232

Affected Versions Eugeny tabby < 1.0.232

CWE Classification

CWE-184 CWE-601

References

github.com /Eugeny/tabby/security/advisories/GHSA-cmpc-v2x9-j9x9

{
    "lastseen": "",
    "description": "Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted terminal output containing dangerous protocol URIs which Tabby renders as clickable links, triggering arbitrary OS protocol handlers on the victim's machine. This vulnerability is fixed in 1.0.232.",
    "published": "2026-05-15T16:40:10.317Z",
    "modified": "2026-05-15T16:40:10.317Z",
    "type": "cve",
    "title": "Tabby: Unsafe protocol handler execution via terminal linkifier allows arbitrary OS protocol invocation",
    "source": "GitHub_M",
    "references": "https://github.com/Eugeny/tabby/security/advisories/GHSA-cmpc-v2x9-j9x9",
    "id": "CVE-2026-45037",
    "bulletinFamily": "",
    "cwe": [
        "CWE-184",
        "CWE-601"
    ],
    "cvelist": null,
    "sourceData": "Eugeny tabby < 1.0.232",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "tabby",
    "version": "< 1.0.232",
    "vendor": "Eugeny",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Tabby: Unsafe protocol handler execution via terminal linkifier allows arbitrary OS protocol invocation_CVE-2026-45037