A vulnerability identified as critical has been detected in kovidgoyal kitty up to 0.47.1 . This issue affects the function os.open . The manipulation leads to link following. This vulnerability is referenced as CVE-2026-54055 . The attack can only be performed from a local environment. No exploit is available. You should upgrade the affected component.