CVE-2026-33633 – kitty
CVSS 7.5
IMPORTANT
“Terminal vulnerabilities with public exploit code can turn trusted developer tools into attack paths.”
kovidgoyal released patches for two vulnerabilities affecting kitty. CVE-2026-33642 has a CVSS score of 9.9, which is Critical severity. CVE-2026-33633 has a CVSS score of 7.5, which is High severity.
The update addresses memory safety issues that could allow remote code execution, with one issue also creating privilege escalation risk. Public proof-of-concept code is available for both vulnerabilities.
Key Details
- Affected Product
- Kovidgoyal Kitty
- Attack Vector
- Network
- Attack Complexity
- High
- Privileges Required
- None
- User Interaction
- Required
- CWE Classification
- CWE-122
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.