CVE-2026-33633
Kovid Goyal · Kitty
A security vulnerability has been identified in the cross-platform GPU-based terminal emulator, Kitty.
Executive summary
A high-severity vulnerability in the Kitty terminal emulator requires immediate attention to prevent potential system compromise.
Vulnerability
The vulnerability details are currently sparse, providing no specific information on the attack vector or the authentication requirements. With a CVSS score of 7.5, the issue is considered high risk and likely involves memory corruption or command execution vectors typical of terminal emulators.
Business impact
A CVSS score of 7.5 indicates a significant risk to the local environment where the terminal is deployed. Exploitation could allow an attacker to gain unauthorized access to the local machine, potentially leading to privilege escalation or the theft of sensitive local session data.
Remediation
Immediate Action: Update the Kitty terminal software to the latest version provided by the developer as soon as a patch is released.
Proactive Monitoring: Monitor for unexpected terminal behavior or unauthorized processes spawned from the terminal environment.
Compensating Controls: Restrict terminal access to trusted users and ensure that the host operating system is hardened against local privilege escalation.
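One way to act on the Proactive Monitoring item above, as an added example that is not part of the original advisory or of the Kitty project: the script flags processes whose direct parent is kitty but that are not a shell or kitty helper. The allowlist, the function names and the sample process table are assumptions constructed for illustration.

```python
import os
import subprocess

# Assumption: a direct child of kitty is normally an interactive shell or a
# kitty helper process. Adjust this allowlist to the local environment.
EXPECTED_CHILDREN = {"bash", "zsh", "fish", "sh", "dash", "kitten", "kitty"}
TERMINAL_NAMES = {"kitty"}


def parse_ps(text):
    """Parse header-less `ps` output (pid, ppid, comm) into {pid: (ppid, comm)}."""
    procs = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit() and parts[1].isdigit():
            # Some platforms report a full path or a "-zsh" login-shell name.
            comm = os.path.basename(parts[2].strip()).lstrip("-")
            procs[int(parts[0])] = (int(parts[1]), comm)
    return procs


def unexpected_children(procs, allowed=EXPECTED_CHILDREN):
    """Return sorted (pid, comm, terminal_pid) for non-allowlisted direct children of kitty."""
    hits = []
    for pid, (ppid, comm) in procs.items():
        parent = procs.get(ppid)
        if parent and parent[1] in TERMINAL_NAMES and comm not in allowed:
            hits.append((pid, comm, ppid))
    return sorted(hits)


def live_snapshot():
    """Collect the current process table; '=' suppresses the column headers."""
    cmd = ["ps", "-e", "-o", "pid=", "-o", "ppid=", "-o", "comm="]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


# Constructed sample process table (not real output from any host).
SAMPLE_PS = """\
    1     0 systemd
 2101     1 kitty
 2110  2101 zsh
 2144  2110 vim
 2150  2101 curl
 2200     1 kitty
 2201  2200 python3
"""

if __name__ == "__main__":
    for pid, comm, term in unexpected_children(parse_ps(SAMPLE_PS)):
        print(f"review: pid={pid} comm={comm} spawned directly by kitty pid={term}")
```

Replace SAMPLE_PS with live_snapshot() to run it against the local host; a hit is a prompt for review, not proof of compromise, since kitty can be configured to launch other programs directly.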
Exploitation status
Public Exploit Available: false
Analyst recommendation
Security teams should prioritize updating terminal software in environments where high-privilege users interact with untrusted input or remote systems. Proactive monitoring of local system logs is advised until further technical details are disclosed.