A vulnerability labeled as critical has been found in tmux up to 3.6a . Affected is the function image_free of the file image.c . Such manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2026-11623 . Local access is required to approach this attack. Moreover, an exploit is present. The affected component should be upgraded.