5.3
CVE-2026-34776
- EPSS 0.22%
- Veröffentlicht 03.04.2026 23:56:42
- Zuletzt bearbeitet 27.04.2026 13:09:54
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Electron: Out-of-bounds read in second-instance IPC on macOS and Linux
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on macOS and Linux, apps that call app.requestSingleInstanceLock() were vulnerable to an out-of-bounds heap read when parsing a crafted second-instance message. Leaked memory could be delivered to the app's second-instance event handler. This issue is limited to processes running as the same user as the Electron app. Apps that do not call app.requestSingleInstanceLock() are not affected. Windows is not affected by this issue. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Electronjs ≫ Electron SwPlatformnode.js Version < 38.8.6
Electronjs ≫ Electron SwPlatformnode.js Version >= 39.0.0 < 39.8.1
Electronjs ≫ Electron SwPlatformnode.js Version >= 40.0.0 < 40.8.1
Electronjs ≫ Electron Version41.0.0 Updatealpha1 SwPlatformnode.js
Electronjs ≫ Electron Version41.0.0 Updatealpha2 SwPlatformnode.js
Electronjs ≫ Electron Version41.0.0 Updatealpha3 SwPlatformnode.js
Electronjs ≫ Electron Version41.0.0 Updatealpha4 SwPlatformnode.js
Electronjs ≫ Electron Version41.0.0 Updatealpha5 SwPlatformnode.js
Electronjs ≫ Electron Version41.0.0 Updatealpha6 SwPlatformnode.js
Electronjs ≫ Electron Version41.0.0 Updatebeta1 SwPlatformnode.js
Electronjs ≫ Electron Version41.0.0 Updatebeta2 SwPlatformnode.js
Electronjs ≫ Electron Version41.0.0 Updatebeta3 SwPlatformnode.js
Electronjs ≫ Electron Version41.0.0 Updatebeta4 SwPlatformnode.js
Electronjs ≫ Electron Version41.0.0 Updatebeta5 SwPlatformnode.js
Electronjs ≫ Electron Version41.0.0 Updatebeta6 SwPlatformnode.js
Electronjs ≫ Electron Version41.0.0 Updatebeta7 SwPlatformnode.js
Electronjs ≫ Electron Version41.0.0 Updatebeta8 SwPlatformnode.js
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.121 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| security-advisories@github.com | 5.3 | 1 | 4.2 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://github.com/electron/electron/security/advisories/GHSA-3c8v-cfp5-9885