Fedora Account System
Red Hat Associate
Red Hat Customer
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup. https://github.com/kovidgoyal/kitty/compare/v0.26.1...v0.26.2 https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f https://sw.kovidgoyal.net/kitty/changelog/#detailed-list-of-changes https://bugs.gentoo.org/868543
Created kitty tracking bugs for this issue: Affects: epel-all [bug 2129748] Affects: fedora-all [bug 2129749]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.