Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-26982
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-10 Mar, 2026 | 07:42
Updated At-13 Mar, 2026 | 17:28

Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 (Ctrl+C) in pasted and dropped text. These can be used to execute arbitrary commands in some shell environments. This attack requires an attacker to convince the user to copy and paste or drag and drop malicious text. The attack requires user interaction to be triggered, but the dangerous characters are invisible in most GUI environments so it isn't trivially detected, especially if the string contents are complex. Fixed in Ghostty v1.3.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
ghostty
ghostty
>>ghostty>>Versions before 1.3.0(exclusive)
cpe:2.3:a:ghostty:ghostty:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarysecurity-advisories@github.com
CWE ID: CWE-78
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/ghostty-org/ghostty/commit/fe7427ed2a1a02aef85495b384cfb8f11ee5efc9security-advisories@github.com
Patch
https://github.com/ghostty-org/ghostty/pull/10746security-advisories@github.com
Issue Tracking
Patch
https://github.com/ghostty-org/ghostty/security/advisories/GHSA-4jxv-xgrp-5m3rsecurity-advisories@github.com
Patch
Vendor Advisory
Hyperlink: https://github.com/ghostty-org/ghostty/commit/fe7427ed2a1a02aef85495b384cfb8f11ee5efc9
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/ghostty-org/ghostty/pull/10746
Source: security-advisories@github.com
Resource:
Issue Tracking
Patch
Hyperlink: https://github.com/ghostty-org/ghostty/security/advisories/GHSA-4jxv-xgrp-5m3r
Source: security-advisories@github.com
Resource:
Patch
Vendor Advisory
Change History
0Changes found
Details not found