Product
A high-severity DOM XSS vulnerability (CVE-2026-49864) in the wetty SSH client allows an attacker to achieve keystroke injection and command execution on the victim's SSH session by embedding a crafted base64-encoded filename within a terminal file-download escape sequence, which is then unescaped and rendered as raw HTML.