CVE-2026-34769

EPSS 0.02%
Veröffentlicht 03.04.2026 23:33:55
Zuletzt bearbeitet 09.04.2026 16:01:32
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Apps that construct webPreferences by spreading untrusted configuration objects may inadvertently allow an attacker to inject switches that disable renderer sandboxing or web security controls. Apps are only affected if they construct webPreferences from external or untrusted input without an allowlist. Apps that use a fixed, hardcoded webPreferences object are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Electronjs ≫ Electron SwPlatformnode.js Version < 38.8.6

Electronjs ≫ Electron SwPlatformnode.js Version >= 39.0.0 < 39.8.0

Electronjs ≫ Electron SwPlatformnode.js Version >= 40.0.0 < 40.7.0

Electronjs ≫ Electron Version41.0.0 Updatealpha1 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatealpha2 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatealpha3 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatealpha4 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatealpha5 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatealpha6 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatebeta1 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatebeta2 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatebeta3 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatebeta4 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatebeta5 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatebeta6 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatebeta7 SwPlatformnode.js

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.06

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
security-advisories@github.com	7.7	1	6	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

CWE-912 Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-34769

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-34769

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-34769

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-34769