CVE-2026-11623
Received Received - Intake
Use After Free in tmux

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: VulDB

Description
A security vulnerability has been detected in tmux up to 3.6a. Affected is the function image_free of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. Upgrading to version 3.7-rc is able to address this issue. The name of the patch is fc6d94a9f8a593bd8b7031650802084385d4ee03. The affected component should be upgraded.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-09
AI Q&A
2026-06-09
EPSS Evaluated
N/A
NVD
CVE-2026-11623
EUVD
EUVD-2026-35297
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tmux tmux to 3.6a (inc)
tmux tmux 3.7-rc
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-11623 is a Use-After-Free (UAF) vulnerability in tmux, a terminal multiplexer, affecting versions up to and including 3.6a. The flaw occurs in the function image_free within the file image.c, specifically when tmux processes Sixel image data. The vulnerability arises due to incorrect management of images between two lists during screen switching, causing corruption of doubly-linked list metadata and leading to a use-after-free write condition.

An attacker can exploit this by tricking a user into viewing a maliciously crafted file in a tmux pane, which causes the tmux server to crash and terminate all user sessions.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) condition, where the tmux server crashes and terminates all user sessions when a maliciously crafted file is viewed.

Beyond crashing, further exploitation could potentially allow an attacker to execute arbitrary code by manipulating the heap layout, which could lead to more severe security breaches.

Mitigation Strategies

To mitigate the vulnerability CVE-2026-11623 in tmux, you should upgrade tmux to version 3.7-rc or later, as this version contains the patch that fixes the use-after-free issue in the image_free function.

The patch (commit fc6d94a9f8a593bd8b7031650802084385d4ee03) corrects the handling of image lists to prevent crashes and potential exploitation.

Since the vulnerability requires local access and is complex to exploit, upgrading the affected component is the recommended immediate action.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-11623. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart