Tophat: Malicious URLs Can Execute Code on Dev Workstations
CVE-2026-39862
Summary
If you use Tophat, a testing harness for mobile apps, on macOS, an attacker can make it run commands on your workstation. Opening a crafted tophat:// link, or a link to Tophat's local listener at http://localhost:29070, passes the URL's arguments query parameter straight to /bin/bash -c; if the build host is already trusted, no confirmation dialog appears. The commands run with your user's permissions, so the attacker can do anything you can do. Update to version 2.5.1 or later to fix this issue.
Original description
Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted tophat:// or http://localhost:29070 URLs. The arguments query parameter flows unsanitized from URL parsing through to /bin/bash -c execution, allowing an attacker to execute arbitrary commands on a developer's macOS workstation. Any developer with Tophat installed is vulnerable. For previously trusted build hosts, no confirmation dialog appears. Attacker commands run with the user's permissions. This vulnerability is fixed in 2.5.1.
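The following is an added example, not Tophat's code, modelling the pattern the description names: an arguments query parameter read from a tophat:// or http://localhost:29070 URL and interpolated into a /bin/bash -c string, beside a handler that tokenises the parameter without a shell, allowlists each token, and executes the tool with an argv list. The launch path, the placeholder tool path /usr/bin/echo, the allowlist regex, and the sample URLs are assumptions made for this illustration; only the URL shapes and the bash -c sink come from the advisory.

```python
"""CWE-78 via a URL query parameter: vulnerable sink beside a hardened one.

Added example, not Tophat's code. The `launch` path, the placeholder TOOL,
the allowlist regex and the sample URLs are assumptions for illustration.
"""
import re
import shlex
import subprocess
from urllib.parse import parse_qs, urlsplit

# Constructed sample URLs (not real Tophat links). The crafted ones smuggle a
# second command through the `arguments` parameter; `;` is sent as %3B so the
# query-string splitter sees one parameter regardless of Python version.
CRAFTED_SCHEME_URL = "tophat://launch?arguments=--debug%3B%20echo%20INJECTED"
CRAFTED_LOCALHOST_URL = "http://localhost:29070/launch?arguments=--debug%20%24(id)"
BENIGN_URL = "tophat://launch?arguments=--debug%20--device=iPhone15"

# Stand-in for the real tool binary so the demonstration runs anywhere.
TOOL = "/usr/bin/echo"

# One flag or key=value token. Shell metacharacters (; | & $ ` ( ) < > space)
# are outside the class, so they can never pass through.
ALLOWED_TOKEN = re.compile(r"^-{0,2}[A-Za-z0-9_][A-Za-z0-9_.:/=-]*$")


def arguments_from_url(url: str) -> str:
    """Extract the percent-decoded `arguments` parameter ('' if absent).

    Works for both URL shapes in the advisory: urlsplit() puts the query after
    '?' into .query whether the scheme is tophat:// or http://localhost:29070.
    """
    return parse_qs(urlsplit(url).query).get("arguments", [""])[0]


def vulnerable_command(arguments: str) -> list[str]:
    """The pattern from the advisory: raw parameter interpolated into bash -c.

    bash parses the whole string, so `;`, `$(...)`, backticks and pipes in
    `arguments` become commands of the attacker's choosing.
    """
    return ["/bin/bash", "-c", f"{TOOL} {arguments}"]


def hardened_argv(arguments: str) -> list[str]:
    """Tokenise without a shell, allowlist every token, return an argv list.

    shlex.split() honours quoting but evaluates nothing; anything that is not
    a plain flag or key=value is rejected. Because the result is an argv list
    executed without a shell, even a token that slipped the allowlist would
    reach the tool as a literal argument, never as a command.
    """
    tokens = shlex.split(arguments)  # raises ValueError on unbalanced quotes
    rejected = [t for t in tokens if not ALLOWED_TOKEN.fullmatch(t)]
    if rejected:
        raise ValueError(f"rejected argument token(s): {rejected}")
    return [TOOL, *tokens]


def handle_url(url: str) -> dict:
    """Show what each sink would execute for a given URL (no execution)."""
    arguments = arguments_from_url(url)
    result = {"arguments": arguments, "vulnerable": vulnerable_command(arguments)}
    try:
        result["hardened"] = hardened_argv(arguments)
    except ValueError as exc:
        result["hardened"] = None
        result["rejected"] = str(exc)
    return result


def run_argv(argv: list[str]) -> str:
    """Execute an argv list without a shell and return its stdout (demo only)."""
    return subprocess.run(argv, capture_output=True, text=True, check=False).stdout


if __name__ == "__main__":
    for url in (CRAFTED_SCHEME_URL, CRAFTED_LOCALHOST_URL, BENIGN_URL):
        outcome = handle_url(url)
        print(url)
        print("  vulnerable bash -c output:", repr(run_argv(outcome["vulnerable"])))
        if outcome["hardened"] is None:
            print("  hardened handler:", outcome["rejected"])
        else:
            print("  hardened output:", repr(run_argv(outcome["hardened"])))
```

Running the module prints, for the first crafted URL, the echo output followed by a separate INJECTED line from the vulnerable sink (bash ran two commands), while the hardened handler rejects the `--debug;` token before anything executes. Token validation is a second layer, not a substitute for dropping the shell: the argv list is what stops metacharacters from being interpreted, and trusted-host state should never bypass it.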
NVD CVSS 4.0 score: 6.3
Vulnerability type: CWE-78 (OS Command Injection)
Published: 8 Apr 2026 · Updated: 8 Apr 2026 · First seen: 8 Apr 2026