Vulnerabilities
Report: CVE-2026-41253 - iTerm2 SSH Conductor Protocol Remote Code Execution Vulnerability - Guide
CVE ID :CVE-2026-41253 Published : April 18, 2026, 6:16 a.m. | 1 hour, 21 minutes ago Description :In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka