
There Is an iTerm2 RCE Where `cat readme.txt` Gets You Owned — Patch Before Monday


CVE-2026-41253 was disclosed on April 18. It is an iTerm2 bug where opening a plain .txt file with cat can execute arbitrary shell as the user. No click. No download. No signed binary. No malware warning.

It affects every version of iTerm2 up through 3.6.9. If you are a solo operator who routinely clones random GitHub repos and cats a README to see what you are dealing with, you are the exact target.

This is not a theoretical risk. Researchers at Calif Global turned a plain file-display operation into a full shell as the logged-in user, without a single click, a single download, or a single signature for any security tool to catch. The proof-of-concept is out. The fix has landed in the iTerm2 source tree but had not reached a stable release as of disclosure.

Read the post. Patch when you can. And until you can, change one habit.

What the Vulnerability Actually Does

iTerm2 has an SSH integration feature called the "conductor." When iTerm2 is managing an SSH session, the remote side can send escape sequences — specifically DCS 2000p and OSC 135 — that the local iTerm2 interprets as instructions for managing the session. That integration is what powers features like remote path awareness and smart tab titles.

The bug: iTerm2 accepts those conductor escape sequences from any terminal output, not just legitimate conductor sessions. If you cat a file whose contents contain the right escape sequences, and the working directory contains a file with a carefully crafted name — specifically a pathname with an initial "ace/c+" substring that is valid output from the conductor encoding path — iTerm2 hands control to a shell as you.

In plain English: a text file you cat can make iTerm2 run a command. Because you, the user, are running the terminal, the command runs as you, with your permissions, with access to your environment variables, your SSH keys, your shell history, your everything.

The CVSS score is 6.9, which puts it in the Medium bucket. For most enterprise threat models, Medium is a patch-within-30-days issue. For a solo operator who inspects random repos as part of the job, Medium undersells the real exposure.

Why Solo Operators Are Especially Exposed

Big-company developers have some insulation. They work inside sandboxed dev environments. They do not clone strangers' gists on a weeknight to see if a trick works. They have security teams that triage CVEs for them.

You do not. You are the security team.

Here is a short list of the things a normal solo operator did this week that could theoretically be an attack vector for this bug:

- Cloned a repo from a tweet. Ran cat README.md to see what the project was about. That README can now execute code in your shell.
- Downloaded a zip file from a tutorial site. Extracted it. Ran cat install.sh to read the install script before running it. That "safe read before run" habit just became an attack.
- Opened a project someone sent you in Slack. Ran ls and cat on files to orient yourself. Same vector.

None of those behaviors are reckless. All of them are the normal daily behavior of a working developer. That is what makes this particular vulnerability a bigger deal for solo operators than the CVSS score suggests.

The 20-Minute Mitigation

You have a few levers.

Update iTerm2 as soon as a patched build is available. The fix landed in the iTerm2 source tree at commit a9e745993c2e2cbb30b884a16617cd5495899f86 on March 31. At the time of disclosure, that commit had not yet rolled into a stable public release. Check the iTerm2 GitHub releases page or the official updater inside iTerm2. When 3.6.10 or 3.7 drops with the fix, install it that day.

Until then, stop cat-ing files from untrusted sources. Use less -R instead. less -R renders ANSI escape codes but does not execute conductor sequences the same way, and more importantly, it gives you a paged view where you can scan content before it scrolls off. This is a good habit regardless — cat-ing a huge file is how you lose half your terminal history on a weekday.
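As an added example (not code from the post or from the iTerm2 project), here is a small POSIX shell helper that checks a file for DCS (ESC P) and OSC (ESC ]) introducers, the two escape-sequence families the conductor listens for, before it is displayed. If any are present it renders the file with cat -v so every ESC shows up as ^[ and never reaches the terminal's parser; otherwise it pages with less -R as the post suggests. The function names and the sample files in the usage are my own.

```shell
#!/bin/sh
# Added example: not code from the post or from the iTerm2 project.
# Assumes a POSIX sh with grep -E, cat -v and less available.

ESC=$(printf '\033')

# Count the lines in FILE that carry a DCS (ESC P) or OSC (ESC ]) introducer.
# DCS 2000p and OSC 135, the sequences named in the advisory, both start this
# way, but any DCS/OSC inside a "plain" text file deserves a second look.
count_conductor_escapes() {
    # grep -c prints 0 and exits 1 when nothing matches; "|| true" keeps set -e quiet.
    LC_ALL=C grep -c -E "${ESC}(P|])" -- "$1" || true
}

# Exit status 0 if FILE has no DCS/OSC sequences, 2 if it does.
check_file() {
    if [ "$(count_conductor_escapes "$1")" -gt 0 ]; then
        return 2
    fi
    return 0
}

# Drop-in replacement for "cat FILE" on untrusted content. A file that carries
# DCS/OSC sequences is shown with cat -v (escapes rendered as ^[), everything
# else is paged with less -R.
view() {
    if ! check_file "$1"; then
        printf 'warning: %s contains DCS/OSC escape sequences; showing them as ^[\n' "$1" >&2
        cat -v -- "$1"
        return 2
    fi
    less -R -- "$1"
}

# Usage: view README.md
```

Source this from your shell rc file and use view instead of cat on anything you just cloned or unzipped; the non-zero exit status on a flagged file also makes it usable from scripts.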

Consider a temporary terminal change. Ghostty, Warp, and the built-in macOS Terminal.app are all reasonable short-term alternatives if you want to fully remove iTerm2 from the attack surface until a patched release is available. This is overkill for most people. For a paranoid security-sensitive workflow, it is a fine call.

Audit what is in your shell environment. If you are storing long-lived tokens, SSH keys, or credentials in environment variables or in files the logged-in user can read, that is what an attacker gets if this bug fires. Rotating the ones you care about is not a bad Sunday afternoon.
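One way to do that audit, as an added example that is not from the post: a POSIX shell helper that lists the names (never the values) of variables in a .env file, a shell rc file, or the live environment whose names look like credentials. The name pattern and the helper names are my own assumptions; tune the pattern to your own naming conventions.

```shell
#!/bin/sh
# Added example: not code from the post. Assumes POSIX sh with sed -E and grep -E,
# and a /dev/stdin device for the live-environment check.
# Reports the NAMES of credential-looking variables from lines of the form
# NAME=value or "export NAME=value". Values are never printed, so the output
# is safe to paste into a ticket or a chat.

# Constructed name pattern; extend it for your own conventions.
SECRETISH='token|secret|passw|api_?key|private|credential|auth'

# Print matching variable names from FILE, one per line. Comment lines and
# anything that is not an assignment are ignored.
audit_env_file() {
    LC_ALL=C sed -n -E \
        's/^[[:space:]]*(export[[:space:]]+)?([A-Za-z_][A-Za-z0-9_]*)=.*/\2/p' "$1" \
      | grep -E -i "$SECRETISH" || true
}

# Same check against the environment of the current shell.
audit_live_env() {
    env | audit_env_file /dev/stdin
}

# Number of hits in FILE; handy as a quick "am I clean" check.
count_secretish() {
    audit_env_file "$1" | wc -l | tr -d ' '
}

# Usage: audit_env_file ~/.zshrc; audit_env_file .env; audit_live_env
```

Anything the audit lists is exactly what a command running as you, as described above, could read, so those are the values to rotate first.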

The one habit I am changing permanently is the cat versus less -R thing. Even after the patch lands, using less -R on unknown content is cheap insurance against the next version of this bug in whichever terminal I am using six months from now.

The Bigger Pattern

Terminal emulators are a weirdly rich attack surface, and they have been for years. Escape sequences, OSC commands, hyperlink protocols, title-setting, color codes — the terminal is doing a lot more than displaying text, and most of that "a lot more" runs on implicit trust in whoever is sending bytes to the TTY.

In 2020 there was a similar class of bug in multiple terminals involving clipboard-copying via OSC 52. In 2022 there were issues around right-to-left override characters in source code. This iTerm2 bug is the April 2026 entry in a long lineage of "just a text file, what could go wrong" stories.

The honest lesson is not "iTerm2 is broken." iTerm2 is one of the most carefully maintained terminals in the ecosystem, and George Nachman responded fast when the report landed. The lesson is that the implicit trust model — "bytes from the TTY are display data" — is increasingly wrong, and any reasonable developer workflow should treat terminal output from untrusted sources as untrusted input.

What I Actually Did Sunday Morning

Updated my iTerm2 to the latest public build. Noted the version. Set a reminder to check for the patch release next week.

Swapped my default "read this file" command from cat to less -R in my shell aliases. Five seconds. Already paying off because less -R is a better experience for most files anyway.

Audited my .zshrc and .env files for any tokens I would not want an attacker to see. Rotated one that I had left in there from a proof-of-concept six months ago. Should have rotated it when I finished the PoC.

Wrote this post so the next solo operator who scrolls past the CVE without clicking through has a chance of catching the important part.

The Short Version

Every version of iTerm2 through 3.6.9 is vulnerable. The exploit requires no clicks. The fix is upstream but not yet in a stable release. Use less -R instead of cat for untrusted files until you have patched. Rotate anything sensitive in your shell environment. Move on with your weekend.

Practical hygiene beats security theater. This post is the 20-minute version.
