{"vulnerability": "cve-2026-33642", "sightings": [{"uuid": "3386ee37-1387-46c2-b43f-625fc6f3bab3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33642", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mma6kvszab2e", "content": "\ud83d\udd34 CVE-2026-33642 - Critical (9.9)\n\nKitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_co...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-33642/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-19T20:00:34.452001Z"}, {"uuid": "af8ae5a2-9703-4d1e-90ff-f35a4556137a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33642", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmacmyipvw2k", "content": "CVE-2026-33642 - Kitty has a Heap Buffer Over-Read/Write via Integer Overflow in compose_rectangles Bounds Check\nCVE ID : CVE-2026-33642\n \n Published : May 19, 2026, 7:16 p.m. | 1\u00a0hour, 5\u00a0minutes ago\n \n Description : Kitty is a cross-platform GPU based terminal. In versions 0....", "creation_timestamp": "2026-05-19T21:13:18.686588Z"}, {"uuid": "30d028c5-809c-4e82-81da-166bf945bfea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-33642", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116604313809197692", "content": "\u26a0\ufe0f CRITICAL: kitty terminal <0.47.0 vulnerable to integer overflow (CVE-2026-33642). Malicious escape sequences can cause heap memory corruption \u2014 no user action needed. Upgrade to 0.47.0+ now! https://radar.offseq.com/threat/cve-2026-33642-cwe-190-integer-overflow-or-wraparo-3fc58bfe #OffSeq #Vuln #KittyTerminal #Infosec", "creation_timestamp": "2026-05-20T01:30:29.263984Z"}, {"uuid": "338ed21b-3c91-4922-b098-8ffd5b521b98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-33642", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mmaqyve4ol22", "content": "Kitty terminal <0.47.0 has a CRITICAL integer overflow bug. Remote attackers can corrupt memory with crafted escape sequences \u2014 no user action needed. Upgrade to 0.47.0+ now! https://radar.offseq.com/threat/cve-2026-33642-cwe-190-integer-overflow-or-wraparo-3fc58bfe #OffSeq #KittyTerminal #Security", "creation_timestamp": "2026-05-20T01:30:31.947663Z"}, {"uuid": "c1930ad0-0412-4332-b09b-102b7a8343b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33642", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mooy7i65pn2f", "content": "\ud83d\udccc CVE-2026-33642 - Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds ... https://www.cyberhub.blog/cves/CVE-2026-33642", "creation_timestamp": "2026-06-20T04:07:07.424241Z"}, {"uuid": "0cad9edd-ed6b-418f-b17c-79026a359633", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-33642", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motnixw3rk2s", "content": "\ud83d\udea8  ALERT: CVE-2026-33642\n\nCVSS 9.9/10\n\n\ud83d\udccb WHAT IT IS:\nKitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wra", "creation_timestamp": "2026-06-22T00:38:55.718891Z"}]}