CVE-2026-45035— Tabby: RCE via `tabby://run` URL Scheme

AI Predicted 8.8 Difficulty: Trivial EPSS 0.05% · P15 Updated May 16, 2026

Possible ATT&CK Techniques 3AI

T1059 · Command and Scripting Interpreter T1189 · Drive-by Compromise T1203 · Exploitation for Client Execution

Affected Version Matrix 1

Vendor	Product	Version Range	Status
Eugeny	tabby	`< 1.0.233`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-45035

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Tabby: RCE via `tabby://run` URL Scheme

Source: NVD (National Vulnerability Database)

Vulnerability Description

Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or sandboxing. An attacker can craft a malicious link (tabby://run?command=...) and deliver it via a website, email, chat message, or any other medium. When a victim clicks the link, the OS launches Tabby which immediately spawns the specified command as a child process with the user's full privileges. This is a zero-click-after-link-visit RCE vulnerability. This vulnerability is fixed in 1.0.233.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Tabby 操作系统命令注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Tabby（Terminus）是Eugene个人开发者的一个适用于 Windows 10、macOS 和 Linux 的高度可配置的终端仿真器、SSH 和串行客户端。 Tabby（Terminus） 1.0.233之前版本存在操作系统命令注入漏洞，该漏洞源于tabby:// URL方案处理程序直接执行OS命令且无用户确认，可能导致攻击者通过恶意链接实现远程代码执行。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Eugeny	tabby	< 1.0.233	-

II. Public POCs for CVE-2026-45035

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-45035

请登录查看更多情报信息。

Same Patch Batch · Eugeny · 2026-05-15 · 4 CVEs total

CVE-2026-45037	7.1 HIGH	Tabby: Unsafe protocol handler execution via terminal linkifier allows arbitrary OS protoc
CVE-2026-45036	7.0 HIGH	Tabby auto-confirms ZMODEM detection on terminal output, leading to shell command executio
CVE-2026-45038		Tabby: Dragging and Dropping a File into Tabby Can Lead to Code Execution

IV. Related Vulnerabilities

Same product: tabby

Same vendor: Eugeny

Same weakness: CWE-78

V. Comments for CVE-2026-45035

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-45035— Tabby: RCE via `tabby://run` URL Scheme

Possible ATT&CK Techniques 3AI

Affected Version Matrix 1

I. Basic Information for CVE-2026-45035

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-45035

III. Intelligence Information for CVE-2026-45035

Same Patch Batch · Eugeny · 2026-05-15 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-45035

Leave a comment