Vulnerability Details CVE-2022-41322
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.8%
CVSS Severity
CVSS v3 Score 7.8
References
- https://bugs.gentoo.org/868543
- https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f
- https://github.com/kovidgoyal/kitty/compare/v0.26.1...v0.26.2
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/47RK7MBSVY5BWDUTYMJUFPBAYFSWMTOI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RRNAPU33PHEH64P77YL3AJO6CTZGHTX/
- https://security.gentoo.org/glsa/202209-22
- https://sw.kovidgoyal.net/kitty/changelog/#detailed-list-of-changes
- https://bugs.gentoo.org/868543
- https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f
- https://github.com/kovidgoyal/kitty/compare/v0.26.1...v0.26.2
- https://lists.debian.org/debian-lts-announce/2025/06/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/47RK7MBSVY5BWDUTYMJUFPBAYFSWMTOI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RRNAPU33PHEH64P77YL3AJO6CTZGHTX/
- https://security.gentoo.org/glsa/202209-22
- https://sw.kovidgoyal.net/kitty/changelog/#detailed-list-of-changes
Products affected by CVE-2022-41322
-
cpe:2.3:a:kitty_project:kitty:0.1.0
-
cpe:2.3:a:kitty_project:kitty:0.10.0
-
cpe:2.3:a:kitty_project:kitty:0.10.1
-
cpe:2.3:a:kitty_project:kitty:0.11.0
-
cpe:2.3:a:kitty_project:kitty:0.11.1
-
cpe:2.3:a:kitty_project:kitty:0.11.2
-
cpe:2.3:a:kitty_project:kitty:0.11.3
-
cpe:2.3:a:kitty_project:kitty:0.12.0
-
cpe:2.3:a:kitty_project:kitty:0.12.1
-
cpe:2.3:a:kitty_project:kitty:0.12.2
-
cpe:2.3:a:kitty_project:kitty:0.12.3
-
cpe:2.3:a:kitty_project:kitty:0.13.0
-
cpe:2.3:a:kitty_project:kitty:0.13.1
-
cpe:2.3:a:kitty_project:kitty:0.13.2
-
cpe:2.3:a:kitty_project:kitty:0.13.3
-
cpe:2.3:a:kitty_project:kitty:0.14.0
-
cpe:2.3:a:kitty_project:kitty:0.14.1
-
cpe:2.3:a:kitty_project:kitty:0.14.2
-
cpe:2.3:a:kitty_project:kitty:0.14.3
-
cpe:2.3:a:kitty_project:kitty:0.14.4
-
cpe:2.3:a:kitty_project:kitty:0.14.5
-
cpe:2.3:a:kitty_project:kitty:0.14.6
-
cpe:2.3:a:kitty_project:kitty:0.15.0
-
cpe:2.3:a:kitty_project:kitty:0.15.1
-
cpe:2.3:a:kitty_project:kitty:0.16.0
-
cpe:2.3:a:kitty_project:kitty:0.17.0
-
cpe:2.3:a:kitty_project:kitty:0.17.1
-
cpe:2.3:a:kitty_project:kitty:0.17.2
-
cpe:2.3:a:kitty_project:kitty:0.17.3
-
cpe:2.3:a:kitty_project:kitty:0.17.4
-
cpe:2.3:a:kitty_project:kitty:0.18.0
-
cpe:2.3:a:kitty_project:kitty:0.18.1
-
cpe:2.3:a:kitty_project:kitty:0.18.2
-
cpe:2.3:a:kitty_project:kitty:0.18.3
-
cpe:2.3:a:kitty_project:kitty:0.19.3
-
cpe:2.3:a:kitty_project:kitty:0.2.0
-
cpe:2.3:a:kitty_project:kitty:0.2.1
-
cpe:2.3:a:kitty_project:kitty:0.2.2
-
cpe:2.3:a:kitty_project:kitty:0.2.3
-
cpe:2.3:a:kitty_project:kitty:0.2.4
-
cpe:2.3:a:kitty_project:kitty:0.2.5
-
cpe:2.3:a:kitty_project:kitty:0.2.6
-
cpe:2.3:a:kitty_project:kitty:0.2.7
-
cpe:2.3:a:kitty_project:kitty:0.2.8
-
cpe:2.3:a:kitty_project:kitty:0.3.0
-
cpe:2.3:a:kitty_project:kitty:0.4.0
-
cpe:2.3:a:kitty_project:kitty:0.4.1
-
cpe:2.3:a:kitty_project:kitty:0.4.2
-
cpe:2.3:a:kitty_project:kitty:0.5.0
-
cpe:2.3:a:kitty_project:kitty:0.5.1
-
cpe:2.3:a:kitty_project:kitty:0.6.0
-
cpe:2.3:a:kitty_project:kitty:0.6.1
-
cpe:2.3:a:kitty_project:kitty:0.7.0
-
cpe:2.3:a:kitty_project:kitty:0.7.1
-
cpe:2.3:a:kitty_project:kitty:0.8.0
-
cpe:2.3:a:kitty_project:kitty:0.8.1
-
cpe:2.3:a:kitty_project:kitty:0.8.2
-
cpe:2.3:a:kitty_project:kitty:0.8.3
-
cpe:2.3:a:kitty_project:kitty:0.8.4
-
cpe:2.3:a:kitty_project:kitty:0.9.0
-
cpe:2.3:a:kitty_project:kitty:0.9.1
-
cpe:2.3:o:fedoraproject:fedora:36
-
cpe:2.3:o:fedoraproject:fedora:37