Tophat Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in Tophat versions prior to 2.5.1. The issue arises because the 'arguments' query parameter is passed unsanitized from URL parsing to execution via '/bin/bash -c', allowing an attacker to execute arbitrary commands on a developer's macOS workstation. The vulnerability is triggered by crafted 'tophat://' or 'http://localhost:29070' URLs. Commands executed through this vulnerability run with the user's permissions. Developers with Tophat installed are affected; for build hosts that were previously trusted, no confirmation dialog is presented before execution.
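The core defect is the pattern of splicing a URL query value into a shell string. The following is an added illustration (not Tophat's own code; the URL shape, the 'xcodebuild' tool name and the sample URLs are assumed) showing that pattern beside a hardened variant that builds an argv list without a shell and rejects tokens containing anything but plain option text:

```python
import re
import shlex
from typing import List, Optional
from urllib.parse import parse_qs, urlparse

# Constructed sample URLs for illustration only; not taken from any real report.
TRUSTED_URL = "tophat://install?platform=ios&arguments=--scheme%20Debug%20--clean"
# A ';' in the decoded value would start a second command under 'bash -c'.
HOSTILE_URL = "tophat://install?platform=ios&arguments=--scheme%20Debug%3B%20id"

def arguments_from_url(url: str) -> str:
    """Return the percent-decoded 'arguments' query value, or '' if absent."""
    return parse_qs(urlparse(url).query).get("arguments", [""])[0]

def build_unsafe_command(tool: str, arguments: str) -> List[str]:
    """The vulnerable pattern: the raw query value is concatenated into a
    shell string, so every shell metacharacter in it is interpreted."""
    return ["/bin/bash", "-c", f"{tool} {arguments}"]

# Only letters, digits and a few option-safe punctuation characters per token.
SAFE_TOKEN = re.compile(r"^[A-Za-z0-9_./=-]+$")

def build_safe_command(tool: str, arguments: str) -> Optional[List[str]]:
    """The hardened pattern: split into argv without a shell and refuse the
    whole request if any token fails the allowlist. Returns None on rejection."""
    try:
        tokens = shlex.split(arguments)
    except ValueError:          # unbalanced quotes or escapes
        return None
    if not tokens or not all(SAFE_TOKEN.match(t) for t in tokens):
        return None
    return [tool, *tokens]      # run via exec-style APIs, never via a shell

if __name__ == "__main__":
    for url in (TRUSTED_URL, HOSTILE_URL):
        args = arguments_from_url(url)
        print(url, "->", build_safe_command("xcodebuild", args))
```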

Impact

Exploitation of this vulnerability allows for remote code execution on the affected user's macOS workstation, with the executed commands running under the user's permissions.

Remediation

Users are advised to update Tophat to version 2.5.1 or later. If an immediate update is not possible, manually inspect all Tophat URLs for malicious arguments before clicking.

Added: Apr 8, 2026, 10:39 PM
Updated: Apr 8, 2026, 10:39 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.9
remediation: 0.0
relevance: 5.5
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.