Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-46709

HIGH NVD
CVSS Score 7.8
Severity HIGH
Published Jul 15, 2026
Vendor unknown

Description

Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.234, Tabby inserts dropped file paths from tabby-electron/src/pathDrop.ts into the active shell without neutralizing command substitution metacharacters such as $(โ€ฆ) and `โ€ฆ`, so the incomplete CVE-2026-45038 fix for control characters still allows code execution when the victim presses Enter. This issue is fixed in version 1.0.234.

References