Microsoft Terminal
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Terminal.
Recent Microsoft Terminal Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2026-54124 | CVE-2026-54124 Windows Terminal Remote Code Execution Vulnerability | July 14, 2026 |
| CVE-2026-52859 | CVE-2026-52859 Vim: Out-of-bounds Read in Terminal Screen Snapshot | June 13, 2026 |
| CVE-2026-45803 | CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection | May 21, 2026 |
| CVE-2026-28420 | CVE-2026-28420 Vim has Heap-based Buffer Overflow and OOB Read in :terminal | March 1, 2026 |
| CVE-2022-28391 | CVE-2022-28391 BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively the attacker could choose to change the terminal's colors. | January 1, 2026 |
| CVE-2016-2781 | CVE-2016-2781 chroot in GNU coreutils when used with --userspec allows local users to escape to the parent session via a crafted TIOCSTI ioctl call which pushes characters to the terminal's input buffer. | January 1, 2026 |
| CVE-2025-46394 | CVE-2025-46394 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. | December 7, 2025 |
| CVE-2024-58251 | CVE-2024-58251 In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim. | December 7, 2025 |
| CVE-2022-44702 | Windows Terminal Remote Code Execution Vulnerability | December 13, 2022 |
By the Year
In 2026 there have been 1 vulnerability in Microsoft Terminal with an average score of 7.8 out of ten. Terminal did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 7.80 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 7.80 |
It may take a day or so for new Terminal vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Terminal Security Vulnerabilities
Jul 2026: Windows Terminal Remote Code Execution Vulnerability
CVE-2026-54124
7.8 - High
- July 14, 2026
Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code locally.
Integer Overflow or Wraparound
Dec 2022: Windows Terminal Remote Code Execution Vulnerability
CVE-2022-44702
7.8 - High
- December 13, 2022
Windows Terminal Remote Code Execution Vulnerability
Code Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Terminal or by Microsoft? Click the Watch button to subscribe.