HIGH
Eugeny
CVE published 2026-05-15
CVE-2026-45037
CVE-2026-45037 affects Tabby (formerly Terminus) terminal link handling. Before 1.0.232, Tabby passed detected URIs directly to the operating system’s protocol handler without validating the scheme, so a malicious SSH or Telnet server could embed crafted output that appears as a clickable terminal link and causes an unsafe handler to open on the client.