UBUNTU-CVE-2026-42850

Source
https://ubuntu.com/security/CVE-2026-42850
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42850.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-42850
Upstream
Published
2026-06-12T20:16:00Z
Modified
2026-06-22T09:30:53.515873912Z
Severity
  • 7.4 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as such it will be run by the shell in use. To exploit this bug, the victim must use a netcat or a similar program to connect to the attacker, or else listening for someone to connect. Once this condition is set, an attacker could pwn the computer of the victim using a special kitty's escape code that will run a command in the shell in use. Version 04.7.0 fixes the issue.

References

Affected packages

Ubuntu:Pro:20.04:LTS / kitty

Package

Name
kitty
Purl
pkg:deb/ubuntu/kitty?arch=source&distro=esm-apps%2Ffocal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.14.3-1
0.14.4-1
0.14.6-1
0.15.0-1
0.15.0-1build1
0.15.0-1ubuntu0.2
0.15.0-1ubuntu0.2+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "kitty",
            "binary_version": "0.15.0-1ubuntu0.2+esm1"
        },
        {
            "binary_name": "kitty-terminfo",
            "binary_version": "0.15.0-1ubuntu0.2+esm1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42850.json"

Ubuntu:Pro:22.04:LTS / kitty

Package

Name
kitty
Purl
pkg:deb/ubuntu/kitty?arch=source&distro=esm-apps%2Fjammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.19.3-1
0.21.2-1
0.21.2-1build1
0.21.2-1ubuntu0.22.04.1
0.21.2-1ubuntu0.22.04.1+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "kitty",
            "binary_version": "0.21.2-1ubuntu0.22.04.1+esm1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42850.json"

Ubuntu:Pro:24.04:LTS / kitty

Package

Name
kitty
Purl
pkg:deb/ubuntu/kitty?arch=source&distro=esm-apps%2Fnoble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.26.5-3ubuntu2
0.26.5-5ubuntu1
0.31.0-3
0.31.0-4
0.32.2-1
0.32.2-1build2
0.32.2-1build3
0.32.2-1ubuntu0.1
0.32.2-1ubuntu0.2
0.32.2-1ubuntu0.3
0.32.2-1ubuntu0.4
0.32.2-1ubuntu0.4+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "kitty",
            "binary_version": "0.32.2-1ubuntu0.4+esm1"
        },
        {
            "binary_name": "kitty-shell-integration",
            "binary_version": "0.32.2-1ubuntu0.4+esm1"
        },
        {
            "binary_name": "kitty-terminfo",
            "binary_version": "0.32.2-1ubuntu0.4+esm1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42850.json"

Ubuntu:25.10 / kitty

Package

Name
kitty
Purl
pkg:deb/ubuntu/kitty?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.39.1-1
0.41.1-2
0.41.1-2+deb13u1build0.25.10.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "kitty",
            "binary_version": "0.41.1-2+deb13u1build0.25.10.1"
        },
        {
            "binary_name": "kitty-shell-integration",
            "binary_version": "0.41.1-2+deb13u1build0.25.10.1"
        },
        {
            "binary_name": "kitty-terminfo",
            "binary_version": "0.41.1-2+deb13u1build0.25.10.1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42850.json"

Ubuntu:Pro:26.04:LTS / kitty

Package

Name
kitty
Purl
pkg:deb/ubuntu/kitty?arch=source&distro=esm-apps%2Fresolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.41.1-2
0.43.1-1
0.44.0-1
0.45.0-1
0.45.0-1build1
0.45.0-1ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "kitty",
            "binary_version": "0.45.0-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "kitty-shell-integration",
            "binary_version": "0.45.0-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "kitty-terminfo",
            "binary_version": "0.45.0-1ubuntu0.1~esm1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42850.json"