CVE-2026-45038

High ⚡ Exploit Available
CWE-150 — Weakness Type
Published: May 15, 2026  ·  Modified: May 22, 2026  ·  Source: NVD
CVSS v3: 7.8
📄 Description (English)

Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code execution can be achieved. This vulnerability is fixed in 1.0.233.

🤖 AI Executive Summary

Tabby terminal emulator versions prior to 1.0.233 contain a high-severity code execution vulnerability caused by unescaped control characters in drag-and-drop file paths. An attacker can achieve arbitrary code execution by crafting a malicious file path that is then dragged and dropped into the Tabby interface (user interaction is required, per the CVSS vector). This vulnerability poses significant risk to developers and system administrators in Saudi organizations who rely on Tabby for terminal operations.

🤖 AI Intelligence Analysis Analyzed: May 20, 2026 15:01
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi technology companies, software development firms, government IT departments, and financial institutions that employ developers using Tabby. High-risk sectors include: (1) Banking and Financial Services (SAMA-regulated entities) where developers access sensitive systems; (2) Government agencies and NCA-regulated entities managing critical infrastructure; (3) Telecommunications companies (STC, Mobily) with development teams; (4) Energy sector (ARAMCO, SABIC) with engineering teams; (5) Healthcare organizations with IT development staff. The drag-and-drop attack vector is particularly dangerous in shared development environments common in Saudi enterprises.
🏢 Affected Saudi Sectors
Banking and Financial Services; Government and Public Administration; Telecommunications; Energy and Utilities; Healthcare; Software Development and IT Services; Critical Infrastructure
⚖️ Saudi Risk Score (AI): 8.2 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Tabby installations across your organization using endpoint detection tools or software inventory systems
2. Restrict file drag-and-drop functionality in Tabby through configuration settings if available
3. Disable Tabby usage in high-risk environments (financial systems, critical infrastructure access) until patched
4. Educate users not to drag-and-drop files from untrusted sources into Tabby

PATCHING GUIDANCE:
1. Upgrade Tabby to version 1.0.233 or later immediately when available
2. Monitor Tabby's official GitHub repository for patch release announcements
3. Test patches in development environment before enterprise deployment
4. Create automated deployment procedures for rapid patching across all systems

COMPENSATING CONTROLS:
1. Implement application whitelisting to restrict Tabby execution to authorized users only
2. Use endpoint protection with behavioral analysis to detect suspicious process spawning from Tabby
3. Monitor file system and process creation events from Tabby processes
4. Implement network segmentation to limit lateral movement if Tabby is compromised
5. Disable drag-and-drop functionality at OS level if possible

DETECTION RULES:
1. Monitor for Tabby process spawning child processes with suspicious command lines
2. Alert on file access patterns from Tabby to system directories or sensitive locations
3. Track unusual network connections initiated from Tabby processes
4. Log all drag-and-drop operations involving special characters or control sequences
5. Monitor for Tabby configuration file modifications
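
The escaping that the description says was missing, together with the check behind detection rule 4, as an added example (this is not Tabby's code or its 1.0.233 fix). The function names are hypothetical, and it assumes the dropped path is inserted at a bash or zsh prompt, where `$'...'` quoting is available.

```javascript
// Added example, not Tabby's code: function names are hypothetical.
// Assumes the receiving shell is bash or zsh, which support $'...' quoting.
const encoder = new TextEncoder();

// C0 controls (U+0000-U+001F), DEL (U+007F) and C1 controls (U+0080-U+009F).
function isControl(code) {
  return code <= 0x1f || (code >= 0x7f && code <= 0x9f);
}

// Report every control character in a path, for logging or alerting.
function findControlChars(path) {
  const hits = [];
  for (let i = 0; i < path.length; i++) {
    const code = path.charCodeAt(i);
    if (isControl(code)) {
      hits.push({ index: i, code: 'U+' + code.toString(16).toUpperCase().padStart(4, '0') });
    }
  }
  return hits;
}

// Turn a dropped path into text that is safe to insert at the prompt.
// The returned string never contains a raw control character.
function quoteDroppedPath(path) {
  if (path.includes('\0')) throw new Error('NUL is not valid in a file path');
  if (findControlChars(path).length === 0) {
    // Ordinary case: single quotes, with ' rewritten as '\''.
    return "'" + path.replace(/'/g, "'\\''") + "'";
  }
  // Control characters present: ANSI-C quoting, each control character
  // written as three-digit octal escapes of its UTF-8 bytes.
  let out = "$'";
  for (const ch of path) {
    if (ch === '\\' || ch === "'") {
      out += '\\' + ch;
    } else if (isControl(ch.codePointAt(0))) {
      for (const byte of encoder.encode(ch)) {
        out += '\\' + byte.toString(8).padStart(3, '0');
      }
    } else {
      out += ch;
    }
  }
  return out + "'";
}

// Constructed sample: a file name containing a newline and an ESC character.
const sample = '/tmp/notes\n\u001b[2Kfinal.txt';
console.log(findControlChars(sample), quoteDroppedPath(sample));
```

Three-digit octal is used because the shell reads at most three digits after the backslash, so a digit that follows the escaped character in the file name cannot be absorbed into the escape.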
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Information Security Policies and Procedures; ECC 2024 A.6.1.1 - Access Control and Authentication; ECC 2024 A.12.2.1 - Change Management; ECC 2024 A.12.6.1 - Management of Technical Vulnerabilities
🔵 SAMA CSF
SAMA CSF ID.BE-1 - Business Environment; SAMA CSF PR.IP-12 - Software Development and Quality Assurance; SAMA CSF DE.CM-1 - Detection Processes; SAMA CSF RS.MI-2 - Incident Response and Management
🟡 ISO 27001:2022
ISO 27001:2022 A.5.1 - Policies for Information Security; ISO 27001:2022 A.6.2 - Information Security Roles and Responsibilities; ISO 27001:2022 A.8.1 - User Endpoint Devices; ISO 27001:2022 A.14.2 - Development, Testing and Acceptance of Information Systems
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security Patches and Updates; PCI DSS 11.2 - Vulnerability Scanning
📦 Affected Products / CPE 1 entries
tabby:tabby
📊 CVSS Score: 7.8 / 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: L — Local
Attack Complexity: L — Low
Privileges Required: N — None
User Interaction: R — Required
Scope: U — Unchanged
Confidentiality: H — High
Integrity: H — High
Availability: H — High
📋 Quick Facts
Severity: High
CVSS Score: 7.8
CWE: CWE-150
EPSS: 0.01%
Exploit: ✓ Yes
Patch: ✗ No
Published: 2026-05-15
Source Feed: nvd
🇸🇦 Saudi Risk Score: 8.2 / 10.0
Priority: CRITICAL
🏷️ Tags
exploit-available CWE-150