Kitty: Arbitrary Code Execution A vulnerability has been found in Kitty which could allow for arbitrary code execution with user input. kitty 2022-09-29 2022-09-29 868543 remote 0.26.2 0.26.2

Kitty is a fast, feature-rich, GPU-based terminal.

Carter Sande discovered that maliciously constructed control sequences can cause Kitty to display a notification that, when clicked, can cause Kitty to execute arbitrary commands.

Kitty can produce notifications that, when clicked, can execute arbitrary commands.

Avoid clicking unexpected notifications.

All Kitty users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=x11-terms/kitty-0.26.2" CVE-2022-41322 ajak ajak