CVEFinder.io

CVE-2026-54055

Severity: medium

Description

Kitty is a cross-platform GPU-based terminal. In versions prior to 0.47.2, kitty's file transmission protocol contains a TOCTOU (time-of-check to time-of-use) race between its symlink validation and the file creation that follows it. The receiving side first checks that the destination path is not a symlink and then creates the file with an `os.open()` call that does not pass `O_NOFOLLOW`. A child process running inside the terminal can replace the destination with a symlink in the window between that check and the open, so the open follows the link and the transferred data is written to an arbitrary file with the privileges of the user running kitty. The result is a local privilege escalation from a process confined to the terminal to an arbitrary file write as the terminal's user. Version 0.47.2 fixes the issue; upgrading is the remediation. The CVSS vector's AC:H and UI:R reflect that the attacker has to win the race window and that the transfer requires user interaction.
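
As an added illustration (not code from kitty or from the advisory), the following Python models the check-then-open pattern described above beside a hardened form. `write_vulnerable` does a separate symlink check and then an `os.open()` without `O_NOFOLLOW`; `write_hardened` opens the destination directory once and creates the file relative to it with `O_NOFOLLOW`, so the symlink test happens inside the kernel's open rather than in a separate syscall. `between_check_and_open` is a hypothetical hook that lets the demo fire the attacker's symlink swap deterministically inside the race window (a real attacker has to win a scheduler race instead), and the `victim` file is a constructed stand-in for any file the terminal's user can write. Function and path names are this example's own.

```python
import errno
import os
import tempfile
from typing import Callable, Optional

Hook = Optional[Callable[[], None]]


def write_vulnerable(dest: str, data: bytes, between_check_and_open: Hook = None) -> None:
    """Check-then-open pattern: the symlink test and the open are separate
    syscalls, and the open does not pass O_NOFOLLOW, so a symlink planted in
    between is followed."""
    if os.path.islink(dest):                       # the check (lstat)
        raise PermissionError(f"refusing to write through symlink: {dest}")
    if between_check_and_open is not None:
        between_check_and_open()                   # race window (hypothetical hook)
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)   # the use
    try:
        os.write(fd, data)
    finally:
        os.close(fd)


def write_hardened(dest_dir: str, name: str, data: bytes, between_check_and_open: Hook = None) -> None:
    """Let the kernel do the check atomically with the open: O_NOFOLLOW makes
    open() fail (ELOOP on Linux) if the final component is a symlink at that
    instant. Opening the directory once and creating the file relative to it
    (dir_fd) with a single-component name also keeps symlinked parent
    directories out of the picture, which O_NOFOLLOW alone does not cover."""
    if not name or os.sep in name or name in (".", ".."):
        raise ValueError(f"bad file name: {name!r}")
    dfd = os.open(dest_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        if between_check_and_open is not None:
            between_check_and_open()               # attacker gets the same window
        fd = os.open(name, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0o644, dir_fd=dfd)
    finally:
        os.close(dfd)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)


def run_demo() -> dict:
    """Race both writers against an attacker who swaps the destination for a
    symlink inside the window. Returns what the victim file contains afterwards
    and the errno name the hardened writer raised (None if it did not raise)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        victim = os.path.join(tmp, "victim")          # constructed stand-in for a user-writable file
        dest_dir = os.path.join(tmp, "downloads")
        os.mkdir(dest_dir)
        dest = os.path.join(dest_dir, "transfer.bin")

        def attacker_swap() -> None:
            # What the child process does during the window: replace the
            # destination (absent or a regular file) with a symlink to the victim.
            try:
                os.unlink(dest)
            except FileNotFoundError:
                pass
            os.symlink(victim, dest)

        with open(victim, "wb") as f:
            f.write(b"original")
        write_vulnerable(dest, b"attacker payload", attacker_swap)
        with open(victim, "rb") as f:
            results["vulnerable_victim"] = f.read()   # payload went through the symlink

        with open(victim, "wb") as f:
            f.write(b"original")
        try:
            write_hardened(dest_dir, "transfer.bin", b"attacker payload", attacker_swap)
            results["hardened_error"] = None
        except OSError as e:
            results["hardened_error"] = errno.errorcode.get(e.errno, str(e.errno))
        with open(victim, "rb") as f:
            results["hardened_victim"] = f.read()     # untouched
    return results


if __name__ == "__main__":
    print(run_demo())
```

Two caveats worth keeping in mind when applying this pattern: `O_NOFOLLOW` only refuses a symlink in the last path component, which is why the example pins the directory with a descriptor and rejects names containing a separator; and it does nothing against a hard link, since a hard link is the victim file itself. Where the destination must be newly created, adding `O_EXCL` closes that case too; where an existing file must be overwritten, `fstat` the opened descriptor and check `st_nlink` (and, if a pre-check was done, that device and inode match) before writing.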

CVSS Score: 5.0 (Medium)
EPSS Score: 0.1 (exploit probability)
Published: 2026-06-12
First Seen: 2026-06-13
Relative Risk Intelligence: Lower Risk. Ranked #265,985 of the 329,456 vulnerabilities in the CVEFinder database, i.e. more severe than 19.3% of them (below average severity).
CISA SSVC Assessment (updated Jun 15, 2026; SSVC data provided by CISA)
Exploitation Status: PoC (proof-of-concept available)
Automatable: No (requires human interaction)
Technical Impact: Partial (limited system impact)
Last Modified: 2026-06-16
Source: NVD
CVSS 3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L (local attack vector, high attack complexity, low privileges required, user interaction required, scope unchanged; no confidentiality impact, high integrity impact, low availability impact)

Related CVEs (6; these CVEs affect the same products)

CVE ID | Severity | CVSS | EPSS | Published | Summary
CVE-2026-42850 | high | 8.8 | 0.2 | 2026-06-12 | Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the ...
CVE-2026-42851 | high | 7.8 | 0.1 | 2026-06-12 | Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty term...
CVE-2026-54056 | high | 7.6 | 0.2 | 2026-06-12 | Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, `kitten dnd` can allow a malicious remote d...
CVE-2026-54057 | high | 7.8 | 0.1 | 2026-06-12 | Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 (color-control) query reply re...
CVE-2026-33633 | high | 7.5 | 0.0 | 2026-05-19 | Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_dat...
CVE-2026-33642 | critical | 9.9 | 0.1 | 2026-05-19 | Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kit...