CVE-2024-41815: Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable
high vulnerability
security
Summary
Starship is a cross-shell prompt (a tool that customizes how your terminal looks and behaves across different shells). Starting in version 1.0.0 and prior to version 1.20.0, its rules for shell expansion and quoting (how special characters are interpreted) were undocumented and unpredictable, making it easy to accidentally introduce shell injection vulnerabilities (where untrusted input is executed as commands) when using custom commands in bash. This mainly affects users who have set up custom commands in Starship.
Solution / Mitigation
Upgrade to version 1.20.0, which fixes the vulnerability.
Vulnerability Details
CVSS Score
7.4 (high)
EPSS (30-day exploit probability)
EPSS: 0.3%
Classification
Attack Sophistication: Moderate
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-41815
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 95%