CVE-2026-11623 · MEDIUM · Unpatched · Zero-day · PoC public · Lifecycle 4/7

tmux up to 3.6a image.c image_free use after free

tmux 3.6a · 26d ago · Impact pending confirmation
4.1 CVSS
Vulnerability Description
A vulnerability was found in tmux up to 3.6a. It has been classified as critical. It affects the function image_free in the file image.c. Upgrading to version 3.7-rc eliminates this vulnerability; the upgrade is hosted for download at github.com. Applying the patch fc6d94a9f8a593bd8b7031650802084385d4ee03 also eliminates the problem; the bugfix is available for download at github.com. The recommended mitigation is to upgrade to the latest version.
Root Cause Analysis
The issue is classified as CWE-416 (use after free). Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Impact: This affects confidentiality, integrity, and availability.

Exploit: An exploit is shared for download at gist.github.com. It is declared as proof-of-concept.

Countermeasure: Upgrading to version 3.7-rc eliminates this vulnerability; the upgrade is hosted for download at github.com. Applying the patch fc6d94a9f8a593bd8b7031650802084385d4ee03 also eliminates the problem; the bugfix is available for download at github.com. The recommended mitigation is to upgrade to the latest version.
Validation (PoC/EXP) - Looking for Contributors
No public PoC yet

Public validation traces already exist. Community contributors can extend them with richer reproduction content.

CVE-2026-11623 · CVSS 4.1 · Active Threat