CVE-2026-11623
tmux image.c image_free use after free
CVSS Score
4.5
EPSS Score
0.0%
EPSS Percentile
2th
A security vulnerability has been detected in tmux up to 3.6a. Affected is the function image_free of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. Upgrading to version 3.7-rc is able to address this issue. The name of the patch is fc6d94a9f8a593bd8b7031650802084385d4ee03. The affected component should be upgraded.
| CWE | CWE-416 CWE-119 |
| Vendor | n/a |
| Product | tmux |
| Published | Jun 9, 2026 |
| Last Updated | Jun 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a tmux
Be the first to know when new medium vulnerabilities affecting n/a tmux are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / tmux
3.6a
References
vuldb.com: https://vuldb.com/vuln/369303 vuldb.com: https://vuldb.com/vuln/369303/cti vuldb.com: https://vuldb.com/cve/CVE-2026-11623 vuldb.com: https://vuldb.com/submit/835623 gist.github.com: https://gist.github.com/XlabAITeam/f0d9952595f795129a3258ba73bbc3cb github.com: https://github.com/tmux/tmux/commit/fc6d94a9f8a593bd8b7031650802084385d4ee03 github.com: https://github.com/tmux/tmux/releases/tag/3.7-rc github.com: https://github.com/tmux/tmux/
Credits
๐ XlabAI (VulDB User)