Every CVE whose affected-product data names Kovidgoyal Kitty, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2026-33642 — CVSS 9.9 (critical): Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c…
CVE-2020-35605 — CVSS 9.8 (critical): The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename…
CVE-2026-42850 — CVSS 8.8 (high): Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through…
CVE-2026-42851 — CVSS 7.8 (high): Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote…
CVE-2026-54057 — CVSS 7.8 (high): Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 (color-control) query reply reflects…
CVE-2026-54056 — CVSS 7.6 (high): Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, `kitten dnd` can allow a malicious remote drag-and-drop source…
CVE-2026-33633 — CVSS 7.5 (high): Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any…
CVE-2026-54055 — CVSS 5.0 (medium): Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's…
CVE-2025-43929 — CVSS 4.1 (medium): open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked…