A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters.