CVE-2026-34775

EPSS 0.29%
Veröffentlicht 03.04.2026 23:55:20
Zuletzt bearbeitet 22.04.2026 17:49:37
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable nodeIntegrationInWorker. Apps that do not use nodeIntegrationInWorker are not affected. This issue has been patched in versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 17 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Electronjs ≫ Electron SwPlatformnode.js Version < 38.8.6

Electronjs ≫ Electron SwPlatformnode.js Version >= 39.0.0 < 39.8.4

Electronjs ≫ Electron SwPlatformnode.js Version >= 40.0.0 < 40.8.4

Electronjs ≫ Electron Version41.0.0 Updatealpha1 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatealpha2 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatealpha3 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatealpha4 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatealpha5 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatealpha6 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatebeta1 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatebeta2 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatebeta3 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatebeta4 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatebeta5 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatebeta6 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatebeta7 SwPlatformnode.js

Electronjs ≫ Electron Version41.0.0 Updatebeta8 SwPlatformnode.js

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.203

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	6.8	1.6	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-653 Improper Isolation or Compartmentalization

The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-34775

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-34775

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-34775

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-34775