CVE-2026-45037
Tabby · Tabby (formerly Terminus)
A security vulnerability has been identified in the Tabby terminal emulator, which may allow for unauthorized system impact.
Executive summary
The Tabby terminal emulator is affected by a high-severity vulnerability that necessitates immediate attention to prevent potential exploitation.
Vulnerability
The vulnerability affects the Tabby terminal emulator, a highly configurable tool for system access. Specific details regarding the vulnerability type and required attacker privileges are currently insufficient to determine the exact attack vector.
Business impact
With a CVSS score of 7.1, this vulnerability poses a significant risk to workstations and servers where Tabby is deployed. Exploitation could allow attackers to gain unauthorized control over terminal sessions, potentially leading to privilege escalation or lateral movement within the network.
Remediation
Immediate Action: Verify the version of Tabby currently in use and review the official project repository or vendor advisory for the release of security-focused updates.
Proactive Monitoring: Monitor terminal access logs for suspicious commands or unauthorized session initiation patterns.
Compensating Controls: Restrict terminal emulator access to authorized personnel via endpoint management policies and ensure that the host OS is properly hardened.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Terminal emulators are high-value targets for attackers seeking to establish persistence or escalate privileges. Organizations should treat this vulnerability with urgency by updating the software to the latest version as soon as a patch is confirmed by the vendor.