PatchSiren cyber security CVE debrief
CVE-2026-42851 kovidgoyal CVE debrief
CVE-2026-42851 is a high-severity vulnerability in Kitty, a cross-platform GPU-based terminal. Versions prior to 0.47.0 are affected; the flaw allows an attacker to execute arbitrary Python code with the user's full privileges. The vulnerability has a CVSS score of 7.8 and is classified as HIGH.
- Vendor: kovidgoyal
- Product: kitty
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of Kitty terminal versions prior to 0.47.0 should update to the latest version to prevent potential code execution attacks.
Technical summary
A program able to write bytes to a Kitty terminal can cause Kitty to execute attacker-supplied Python inside the running Kitty process, with the user's full privileges. There is no approval prompt, no remote-control permission requirement, no shell-integration interaction, no clipboard touch, and no editor interaction.
Defensive priority
HIGH
Recommended defensive actions
- Update Kitty to version 0.47.0 or later.
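One way to check a host against the fixed release, as an added example that is not part of the original advisory or the Kitty project. It assumes `kitty --version` prints a line of the form "kitty X.Y.Z created by Kovid Goyal"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag Kitty builds older than the fixed release named in this debrief.
FIXED_VERSION="0.47.0"   # first fixed version, taken from the advisory text

# version_lt A B: return 0 when dotted version A is numerically lower than B.
# Components are compared as integers, so 0.9.0 sorts below 0.47.0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Drop the component just read; an exhausted version counts as 0.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # equal versions are not "lower"
}

# kitty_version_from TEXT: extract X.Y.Z from `kitty --version` output
# (assumed format: "kitty 0.46.2 created by Kovid Goyal").
kitty_version_from() {
    printf '%s\n' "$1" | sed -n 's/^kitty \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# classify TEXT: print "VULNERABLE <ver>", "PATCHED <ver>" or "UNKNOWN".
classify() {
    v=$(kitty_version_from "$1")
    if [ -z "$v" ]; then
        echo "UNKNOWN"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "VULNERABLE $v"
    else
        echo "PATCHED $v"
    fi
}

# Check the locally installed binary, if there is one.
if command -v kitty >/dev/null 2>&1; then
    classify "$(kitty --version 2>/dev/null)"
else
    echo "kitty not found on PATH"
fi
```

An UNKNOWN result means the output did not match the assumed format and the host needs a manual check.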
Evidence notes
CVE-2026-42851 has been published and has a CVSS score of 7.8. The vulnerability affects Kitty versions prior to 0.47.0.
Official resources
- CVE-2026-42851 CVE record (CVE.org)
- CVE-2026-42851 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2026-42851 was published on 2026-06-12T20:16:45.420Z and has not been modified since then.