A vulnerability, which was classified as critical , has been found in kovidgoyal kitty up to 0.46.x . The impacted element is an unknown function. Performing a manipulation results in command injection. This vulnerability is reported as CVE-2026-42850 . The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.