CVE-2026-45036 Overview
CVE-2026-45036 is a command injection vulnerability in Tabby (formerly Terminus), a configurable terminal emulator. Versions prior to 1.0.233 automatically confirm ZMODEM protocol detection on all terminal session output without user interaction. The ZModemMiddleware in tabby-terminal consumes session output through a Zmodem.Sentry and unconditionally writes a ZRINIT response back into the active PTY when a ZRQINIT header appears. An attacker who entices a user to display crafted content (for example, with cat) can achieve shell command execution with no further interaction. The flaw is tracked under CWE-78 (OS Command Injection) and is fixed in version 1.0.233.
Critical Impact
Viewing a malicious file in Tabby can lead to arbitrary command execution in the user's shell without any prompts or confirmation.
Affected Products
- Tabby (formerly Terminus) terminal emulator
- All versions prior to 1.0.233
- tabby-terminal component containing the ZModemMiddleware
Discovery Timeline
- 2026-05-15 - CVE-2026-45036 published to NVD
- 2026-05-20 - Last updated in NVD database
Technical Details for CVE-2026-45036
Vulnerability Analysis
The vulnerability stems from how Tabby handles ZMODEM file transfer detection. The ZModemMiddleware inspects all PTY output for ZMODEM headers using Zmodem.Sentry. When a ZRQINIT header is detected, the middleware calls detection.confirm() without prompting the user and writes the fixed ZRINIT response **\x18B0100000023be50\r\n\x11 back into the PTY as input.
The leading ** bytes are the critical injection primitive. When the producing process (such as cat) exits, the injected bytes remain in the shell's input buffer and are interpreted as a command line. Shell-specific expansion then turns the inert-looking sequence into an executable command.
Under fish (Tabby's default shell configuration), the ** prefix triggers recursive glob expansion against the working directory. An attacker-placed executable at a nested path matching the remaining response bytes, for example d/xB0100000023be50, gets invoked by relative pathname. This bypasses PATH resolution entirely.
Under bash and zsh, the attacker combines the ZMODEM injection with a secondary xterm.js color-query feedback sequence (OSC 10) embedded in the same file. The combined feedback supplies a slash-containing command word that similarly evades PATH lookup.
Root Cause
The root cause is unconditional confirmation of an inbound protocol negotiation on untrusted output. The middleware treats any ZRQINIT header in stream data as a legitimate transfer request and writes raw bytes back to the PTY without operator approval or content validation.
Attack Vector
Delivery typically occurs through content the victim renders in a Tabby session. A crafted file in a cloned Git repository, log file, or piped network output displayed with cat, less -r, or similar utilities is sufficient. No user interaction beyond viewing the content is required.
The vulnerability mechanism is described in detail in the Tabby GitHub Security Advisory GHSA-qr3x-j8g9-xhf6.
Detection Methods for CVE-2026-45036
Indicators of Compromise
- Files containing the ZMODEM ZRQINIT byte sequence alongside printable content intended for display
- Presence of nested executable files with names matching the pattern xB0100000023be50 or similar response-derived strings
- Repositories or archives that contain unexpected executable bits on files inside deeply nested directories
- Shell history entries showing commands that begin with ** or contain unexpected slash-prefixed binary invocations
Detection Strategies
- Inspect Tabby installations and confirm the version is 1.0.233 or later by checking application metadata
- Scan source repositories and downloaded artifacts for embedded ZMODEM control sequences in non-binary files
- Monitor process creation telemetry for child processes of tabby whose executable path is a relative nested directory in the user's working directory
- Alert on terminal sessions where shell processes execute binaries that were not present in PATH
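Added example (not code from the advisory or from the Tabby project): a Python scanner implementing the file-based checks listed above. It locates ZMODEM hex headers in a file, validates their CRC-16/XMODEM so that a well-formed ZRQINIT frame can be told apart from stray bytes, notes an xterm OSC 10/11 colour query in the same content, and flags text-looking files that carry a ZRQINIT. The sample input, the frame-name subset and the printable-ratio threshold are constructed assumptions.

```python
"""Scan display-oriented files for embedded ZMODEM hex headers (added example for CVE-2026-45036)."""
import re
import sys
# ZMODEM hex header: '**' ZDLE 'B', frame type (2 hex), 4 data bytes (8 hex), CRC-16 (4 hex)
ZHEX = re.compile(rb"\*\*\x18B([0-9a-fA-F]{2})([0-9a-fA-F]{8})([0-9a-fA-F]{4})")
# xterm OSC 10/11 colour query ('?' parameter), the secondary feedback channel the advisory names
OSC_QUERY = re.compile(rb"\x1b\](1[01]);\?(?:\x07|\x1b\\)")
FRAME_NAMES = {0: "ZRQINIT", 1: "ZRINIT", 2: "ZSINIT", 4: "ZFILE", 8: "ZFIN"}  # subset of frame types
# Constructed sample: README-style text with a ZRQINIT header and an OSC 10 query embedded
SAMPLE = (b"# Build notes\nRun make to build.\n"
          b"**\x18B00000000000000\r\n\x11"
          b"\x1b]10;?\x07\nEnjoy!\n")

def crc16_xmodem(data: bytes) -> int:
    """CRC-16/XMODEM (poly 0x1021, init 0), the CRC ZMODEM applies to hex headers."""
    crc = 0
    for b in data:
        crc ^= b << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc

def find_zmodem_headers(data: bytes) -> list:
    """One dict per hex header: byte offset, frame name, and whether its CRC is valid."""
    hits = []
    for m in ZHEX.finditer(data):
        ftype = int(m.group(1), 16)
        payload = bytes.fromhex(m.group(2).decode())
        crc_ok = crc16_xmodem(bytes([ftype]) + payload) == int(m.group(3), 16)
        hits.append({"offset": m.start(), "frame": FRAME_NAMES.get(ftype, f"type{ftype}"), "crc_ok": crc_ok})
    return hits

def is_mostly_printable(data: bytes, threshold: float = 0.9) -> bool:
    """Heuristic for 'content intended for display': mostly printable ASCII plus whitespace."""
    if not data:
        return True
    printable = sum(1 for b in data if 32 <= b < 127 or b in b"\r\n\t")
    return printable / len(data) >= threshold

def scan(data: bytes) -> dict:
    """Flag text-looking content that carries a ZRQINIT header; also note any OSC colour query."""
    headers = find_zmodem_headers(data)
    return {"headers": headers,
            "osc_query": OSC_QUERY.search(data) is not None,
            "suspicious": is_mostly_printable(data) and any(h["frame"] == "ZRQINIT" for h in headers)}

if __name__ == "__main__":  # scan files given on the command line, or the constructed sample
    for path in sys.argv[1:] or ["sample"]:
        print(path, scan(SAMPLE if path == "sample" else open(path, "rb").read()))
```

The page's own ZRINIT response (frame type 01, data 00000023, CRC be50) validates with this CRC routine, so the check is usable on real captures as well as on the constructed sample.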
Monitoring Recommendations
- Log and review command execution from terminal emulator processes, paying attention to relative-path invocations
- Track file write events that create executables inside cloned repositories or downloaded archives
- Correlate Tabby launch events with subsequent unexpected child process creation in user home directories
How to Mitigate CVE-2026-45036
Immediate Actions Required
- Upgrade Tabby to version 1.0.233 or later on all workstations where it is installed
- Audit recently cloned Git repositories and downloaded files for embedded ZMODEM sequences before displaying them in Tabby
- Avoid using cat or similar raw-output commands on untrusted files inside vulnerable Tabby versions
- Review shell history and recent process execution on systems running affected Tabby builds
Patch Information
The vendor released a fix in Tabby 1.0.233. The patch removes the automatic call to detection.confirm() in ZModemMiddleware so that ZMODEM negotiation no longer occurs without user awareness. Patch and advisory details are available in the Tabby GitHub Security Advisory.
Workarounds
- If upgrading immediately is not possible, restrict the use of Tabby to trusted content sources only
- Use an alternative terminal emulator when handling untrusted files or repositories until the upgrade is applied
- Disable or remove the ZMODEM middleware functionality where configuration permits
- Configure shells to avoid recursive glob expansion on ** patterns where feasible to reduce the fish exploitation path
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.