CVE-2026-41253 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whos…
Medium CVSS: 6.9

CVE-2026-41253

In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka "hypothetical in-band signaling abuse." This occurs because iTerm2 accepts the SSH conductor protocol from terminal output that does not originate from a legitimate conductor session.
Vendor
-
Product
-
CWE
CWE-829
Yayın Tarihi
2026-04-18 06:16:17
Güncelleme
2026-04-18 06:16:17
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-829 MEDIUM 2026

Referanslar

https://blog.calif.io/p/mad-bugs-even-cat-readmetxt-is-not https://github.com/gnachman/iTerm2/commit/a9e745993c2e2cbb30b884a16617cd5495899f86 https://iterm2.com/downloads.html https://news.ycombinator.com/item?id=47809190