VYPR

Tabby

by Tabby

Source repositories

CVEs (4)

  • CVE-2026-45035HigMay 15, 2026
    risk 0.50cvss 8.8epss 0.00

    Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation,…

  • CVE-2026-45038HigMay 15, 2026
    risk 0.44cvss 7.8epss 0.00

    Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code execution can be achieved. This vulnerability is fixed in 1.0.233.

  • CVE-2026-45037HigMay 15, 2026
    risk 0.39cvss 7.1epss 0.00

    Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to…

  • CVE-2026-45036HigMay 15, 2026
    risk 0.39cvss 7.0epss 0.00

    Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays…