
Unsafe protocol handler execution via terminal linkifier allows arbitrary OS protocol invocation

High
Eugeny published GHSA-cmpc-v2x9-j9x9 May 4, 2026

Package

tabby (Binary)

Affected versions

<=1.0.231

Patched versions

1.0.232

Description

Impact

It was found that Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted terminal output containing dangerous protocol URIs which Tabby renders as clickable links, triggering arbitrary OS protocol handlers on the victim's machine.

The vulnerability exists in the current release of:

tabby-linkifier

The vulnerability is triggered when a user connects to a malicious SSH/Telnet server that sends terminal output containing a crafted URI such as vscode://, ms-msdt://, or zoommtg://. Tabby linkifies the URI, and clicking it invokes the corresponding OS protocol handler with no validation or warning from Tabby. On unpatched Windows systems this can lead to RCE via known protocol handler exploits such as Follina (CVE-2022-30190).

Patches

The vulnerability exists in tabby-linkifier/src/handlers.ts. The fix is to whitelist safe protocols before calling openExternal():

const SAFE_PROTOCOLS = ['https:', 'http:', 'ftp:', 'mailto:']
const url = new URL(uri)
if (SAFE_PROTOCOLS.includes(url.protocol)) {
    this.platform.openExternal(uri)
}

All users are advised to avoid clicking application protocol links that they do not understand and trust in SSH/Telnet sessions.
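
The allowlist check above, as an added example in plain JavaScript for Node (not Tabby's code): it fails closed when the matched text does not parse as a URI and hands on the normalized URL rather than the raw string. SAFE_PROTOCOLS is the list from this advisory; checkLink, filterLinks and the sample URIs are constructed for illustration.

```javascript
// Added example: SAFE_PROTOCOLS is the list from the advisory; checkLink,
// filterLinks and the sample URIs below are constructed for illustration.
const SAFE_PROTOCOLS = ['https:', 'http:', 'ftp:', 'mailto:']

// Decide whether a string the linkifier matched may be handed to the OS.
// Returns a verdict object so the caller can log or surface refusals.
function checkLink(uri) {
    let url
    try {
        // WHATWG URL parsing lowercases the scheme, so 'HTTPS:' matches 'https:'.
        url = new URL(uri)
    } catch {
        // No scheme or malformed: nothing to classify, so refuse (fail closed).
        return { allowed: false, scheme: null, target: null }
    }
    const allowed = SAFE_PROTOCOLS.includes(url.protocol)
    // Hand on the normalized href, so the string that was checked is the
    // string that gets opened.
    return { allowed, scheme: url.protocol, target: allowed ? url.href : null }
}

// Constructed terminal output fragments, as a linkifier might match them.
const SAMPLE_LINKS = [
    'https://example.com/docs',
    'HTTPS://EXAMPLE.COM/Docs',
    'mailto:admin@example.com',
    'vscode://placeholder/path',
    'ms-msdt://placeholder',
    'zoommtg://placeholder',
    'file:///tmp/placeholder',
    'example.com/no-scheme',
]

// Split matches into those to open and those to refuse (with their scheme).
function filterLinks(links) {
    const open = []
    const refused = []
    for (const link of links) {
        const verdict = checkLink(link)
        if (verdict.allowed) open.push(verdict.target)
        else refused.push({ link, scheme: verdict.scheme })
    }
    return { open, refused }
}

const result = filterLinks(SAMPLE_LINKS)
console.log('open:', result.open)
console.log('refused:', result.refused.map(r => `${r.link} (${r.scheme})`))
```

Logging the refused scheme gives a record of which protocol handlers remote output tried to reach.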

Severity

High


CVSS v3 base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: Low

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CVE ID

CVE-2026-45037

Weaknesses

Incomplete List of Disallowed Inputs

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
