CVE-2024-38396

CRITICAL

iTerm2 3.5.0-3.5.1 - Remote Code Execution via Window Title Escape Sequence

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-38396. PoCs published by vin01.

AI-analyzed exploit summary The repository claims to be a PoC for CVE-2024-38396 but lacks actual exploit code, instead referencing an external Docker image and a text file. The README provides no technical details about the vulnerability or how the exploit works.

Description

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than CVE-2024-38395.

Exploits (1)

nomisec SUSPICIOUS 19 stars
by vin01 · poc
https://github.com/vin01/poc-cve-2024-38396

The repository claims to be a PoC for CVE-2024-38396 but lacks actual exploit code, instead referencing an external Docker image and a text file. The README provides no technical details about the vulnerability or how the exploit works.

Classification
Suspicious 90%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: unspecified
No auth needed
Prerequisites: Docker or access to a specific text file
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 9.8
EPSS 0.0170
EPSS Percentile 74.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-94
Status published
Products (1)
iterm2/iterm2 3.5.0 - 3.5.2
Published Jun 16, 2024
Tracked Since Feb 18, 2026