CVE-2026-26982
MEDIUM 6.3
Description
Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 (Ctrl+C) in pasted and dropped text. These can be used to execute arbitrary commands in some shell environments. This attack requires an attacker to convince the user to copy and paste or drag and drop malicious text. The attack requires user interaction to be triggered, but the dangerous characters are invisible in most GUI environments so it isn't trivially detected, especially if the string contents are complex. Fixed in Ghostty v1.3.0.
CVE details
CVSS v3.1 score: 6.3
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 3/10/2026
Last modified: 3/13/2026
Source: nvd
Honeypot sightings: 0
Affected products
ghostty:ghostty
Weaknesses (CWE)
CWE-78
References
https://github.com/ghostty-org/ghostty/commit/fe7427ed2a1a02aef85495b384cfb8f11ee5efc9 (security-advisories@github.com)
https://github.com/ghostty-org/ghostty/pull/10746 (security-advisories@github.com)
https://github.com/ghostty-org/ghostty/security/advisories/GHSA-4jxv-xgrp-5m3r (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.