{"id":"CVE-2026-45036","summary":"Tabby auto-confirms ZMODEM detection on terminal output, leading to shell command execution from displayed file content under fish, bash, and zsh","details":"Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. The ZModemMiddleware in tabby-terminal consumes all session output through a Zmodem.Sentry, and when a ZMODEM ZRQINIT header is detected, unconditionally calls detection.confirm() and writes a fixed ZRINIT response ( **\\x18B0100000023be50\\r\\n\\x11) back into the active PTY as input. When the process that triggered the detection (e.g., cat) exits, the injected bytes are consumed by the user's shell as a command line. Under fish (default configuration), the ** prefix triggers recursive glob expansion against the current directory, allowing an attacker-placed executable at a matching nested path (e.g., d/xB0100000023be50) to be executed by relative pathname without relying on PATH. Under bash and zsh, a secondary xterm.js terminal color-query feedback (OSC 10) can be combined in the same file to inject a slash-containing command word that similarly bypasses PATH resolution. An attacker can exploit this by providing a crafted file (e.g., in a cloned Git repository) that a user displays with cat, achieving code execution with no interaction beyond viewing the file. This vulnerability is fixed in 1.0.233.","aliases":["GHSA-qr3x-j8g9-xhf6"],"modified":"2026-07-08T08:13:29.896509842Z","published":"2026-05-15T16:47:17.974Z","database_specific":{"cwe_ids":["CWE-78"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45036.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45036.json"},{"type":"ADVISORY","url":"https://github.com/Eugeny/tabby/security/advisories/GHSA-qr3x-j8g9-xhf6"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45036"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eugeny/tabby","events":[{"introduced":"0"},{"fixed":"78a56326aca3ca25285e8da1ec8b02c14f8dfacd"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.0.233"}],"source":["AFFECTED_FIELD","CPE_RANGE"],"cpe":"cpe:2.3:a:tabby:tabby:*:*:*:*:*:*:*:*"}}],"versions":["v1.0.232","v1.0.231","v1.0.230","v1.0.229","v1.0.228","v1.0.227","v1.0.226","v1.0.225","v1.0.224","v1.0.223","v1.0.222","v1.0.221","v1.0.220","v1.0.219","v1.0.218","v1.0.217","v1.0.216","v1.0.215","v1.0.214","v1.0.213","v1.0.212","v1.0.211","v1.0.210","v1.0.209","v1.0.208","v1.0.207","v1.0.206","v1.0.205","v1.0.204","v1.0.202","v1.0.201","v1.0.200","v1.0.199","v1.0.198","v1.0.197","v1.0.196","v1.0.195","v1.0.194","v1.0.193","v1.0.192","v1.0.191","v1.0.190","v1.0.189","v1.0.188","v1.0.187","v1.0.186","v1.0.184","v1.0.183","v1.0.182","v1.0.181","v1.0.180","v1.0.179","v1.0.178","v1.0.177","v1.0.176","v1.0.175","v1.0.174","v1.0.173","v1.0.172","v1.0.171","v1.0.170","v1.0.169","v1.0.168","v1.0.167","v1.0.166","v1.0.165","v1.0.164","v1.0.163","v1.0.162","v1.0.161","v1.0.160","v1.0.159","v1.0.158","v1.0.157","v1.0.156","v1.0.155","v1.0.154","v1.0.152","v1.0.151","v1.0.150","v1.0.149","v1.0.148","v1.0.147","v1.0.146","v1.0.145","v1.0.144","v1.0.143","v1.0.142","v1.0.141","v1.0.140","v1.0.139","v1.0.138","v1.0.137","v1.0.136","v1.0.135","v1.0.134","v1.0.132","v1.0.131","v1.0.130","v1.0.129","v1.0.128","v1.0.127","v1.0.126","v1.0.125","v1.0.124","v1.0.123","v1.0.122","v1.0.121","v1.0.120","v1.0.119","v1.0.117","v1.0.116","v1.0.115","v1.0.114","v1.0.113","v1.0.112","v1.0.111","v1.0.110","v1.0.109","v1.0.108","v1.0.107","v1.0.106","v1.0.105","v1.0.104","v1.0.103","v1.0.102","v1.0.101","v1.0.100","v1.0.99","v1.0.98","v1.0.97","v1.0.96","v1.0.95","v1.0.94","v1.0.93","v1.0.92","v1.0.91","v1.0.90","v1.0.89","v1.0.88","v1.0.87","v1.0.86","v1.0.85","v1.0.84","v1.0.83","v1.0.82","v1.0.80","v1.0.79","v1.0.78-rc.3","v1.0.78-rc.2","v1.0.78","v1.0.78-rc.1","v1.0.73","v1.0.72","v1.0.71","v1.0.70","v1.0.69","v1.0.68","v1.0.67","v1.0.66","v1.0.65","v1.0.1","v1.0.0-alpha.64","v1.0.0-alpha.63","v1.0.0-alpha.61","v1.0.0-alpha.60","v1.0.0-alpha.59","v1.0.0-alpha.58","v1.0.0-alpha.56","v1.0.0-alpha.55","v1.0.0-alpha.54","v1.0.0-alpha.53","v1.0.0-alpha.52","v1.0.0-alpha.51","v1.0.0-alpha.50","v1.0.0-alpha.49","v1.0.0-alpha.48","v1.0.0-alpha.47","v1.0.0-alpha.46","v1.0.0-alpha.45","v1.0.0-alpha.44","v1.0.0-alpha.43","v1.0.0-alpha.42","v1.0.0-alpha.41","v1.0.0-alpha.40","v1.0.0-alpha.39","v1.0.0-alpha.38","v1.0.0-alpha.36","v1.0.0-alpha.35","v1.0.0-alpha.34","v1.0.0-alpha.33","v1.0.0-alpha.32.2","v1.0.0-alpha.32","v1.0.0-alpha.31","v1.0.0-alpha.30","v1.0.0-alpha.29","v1.0.0-alpha.20","v1.0.0-alpha.16","v1.0.0-alpha.15","v1.0.0-alpha.14","v1.0.0-alpha.13","v1.0.0-alpha.12","v1.0.0-alpha.11","v1.0.0-alpha.10","v1.0.0-alpha.8","v1.0.0-alpha.7","v1.0.0-alpha.6","v1.0.0-alpha.5","v1.0.0-alpha.4","v1.0.0-alpha.3","v1.0.0-alpha.2","v1.0.0-alpha.1","v0.0.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45036.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}