CVE-2026-45038
Tabby: Dragging and Dropping a File into Tabby Can Lead to Code Execution
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code execution can be achieved. This vulnerability is fixed in 1.0.233.
| CWE | CWE-150 |
| Vendor | eugeny |
| Product | tabby |
| Published | May 15, 2026 |
| Last Updated | May 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for eugeny tabby
Be the first to know when new unknown vulnerabilities affecting eugeny tabby are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Eugeny / tabby
< 1.0.233