6.9

CVE-2026-41253

EPSS 0.01%
Veröffentlicht 18.04.2026 05:27:08
Zuletzt bearbeitet 20.04.2026 19:05:30
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka "hypothetical in-band signaling abuse." This occurs because iTerm2 accepts the SSH conductor protocol from terminal output that does not originate from a legitimate conductor session.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstelleriTerm2

≫

Produkt iTerm2

Default Statusunknown

Version <= 3.6.9

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.003

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cve@mitre.org	6.9	1.4	5.5	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

CWE-829 Inclusion of Functionality from Untrusted Control Sphere

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

https://iterm2.com/downloads.html

https://blog.calif.io/p/mad-bugs-even-cat-readmetxt-is-not

https://github.com/gnachman/iTerm2/commit/a9e745993c2e2cbb30b884a16617cd5495899f86

https://news.ycombinator.com/item?id=47809190

https://nvd.nist.gov/vuln/detail/CVE-2026-41253

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-41253

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-41253

EUVD