Is CVE-2026-54056 in the CISA KEV catalog?

No. CVE-2026-54056 is not currently on the CISA Known Exploited Vulnerabilities list.

What is the CVSS severity of CVE-2026-54056?

CVE-2026-54056 has a CVSS v3 base score of 7.6 (HIGH).

What is the EPSS score for CVE-2026-54056?

CVE-2026-54056 has an EPSS score of 0.27% (18th percentile), estimating the probability of exploitation in the next 30 days.

CVE & CISA-KEV Catalog

CVE-2026-54056

HIGH

7.6

CVSS v3

NVD

Description

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, `kitten dnd` can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote `text/uri-list` drops are staged in a temporary directory, but on case-sensitive filesystems duplicate remote basenames are not de-duplicated. An attacker can first create a staged symlink and then send a same-name regular-file entry. The regular-file write uses `utils.CreateAt()` / `openat(O_RDWR|O_CREAT|O_TRUNC)` without `O_NOFOLLOW`, so it follows the attacker-created symlink and writes outside the staging directory before final overwrite confirmation runs. This appears related in class to the file-transfer symlink advisory, but it is a different bug: it affects `kitten dnd` remote drag-and-drop staging, uses different vulnerable code (`kittens/dnd/drop.go` and `tools/utils/file_at_fd.go`), and reproduces on commit `4aa4a5c0567a92553a8c20a88a4352da637fca5d`, after the file-transfer `O_NOFOLLOW` fix. Version 0.47.2 patches the issue.

CWE-59

CVSS v3 Vector

Exploitability

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionRequired

ScopeChanged

Impact

ConfidentialityNone

IntegrityHigh

AvailabilityLow

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L

Exploit Intelligence

0.27%probability of exploitation in 30 days

18thpercentile

Low risk: more likely to be exploited than 18% of all known CVEs.

References

https://github.com/kovidgoyal/kitty/security/advisories/GHSA-r892-cv7q-fw8x

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-16.