CVE-2026-33633

Kovid Goyal · Kitty

A security vulnerability has been identified in the cross-platform GPU-based terminal emulator, Kitty.

Executive summary

A high-severity vulnerability in the Kitty terminal emulator requires immediate attention to prevent potential system compromise.

Vulnerability

Details of the vulnerability are currently sparse: no specific information is available on the attack vector or the authentication requirements. With a CVSS score of 7.5, the issue is considered high risk and likely involves memory corruption or command execution vectors typical of terminal emulators.

Business impact

A CVSS score of 7.5 indicates a significant risk to the local environment where the terminal is deployed. Exploitation could allow an attacker to gain unauthorized access to the local machine, potentially leading to privilege escalation or the theft of sensitive local session data.

Remediation

Immediate Action: Update the Kitty terminal software to the latest version provided by the developer as soon as a patch is released.

Proactive Monitoring: Monitor for unexpected terminal behavior or unauthorized processes spawned from the terminal environment.

Compensating Controls: Restrict terminal access to trusted users and ensure that the host operating system is hardened against local privilege escalation.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Security teams should prioritize updating terminal software in environments where high-privilege users interact with untrusted input or remote systems. Proactive monitoring of local system logs is advised until further technical details are disclosed.