CVE-2026-43944

EPSS 0.36%
Veröffentlicht 08.05.2026 03:08:09
Zuletzt bearbeitet 13.05.2026 14:17:56
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

electerm: dangerous code can be run through links or command line

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or opening a crafted shortcut/command that launches electerm with attacker-controlled opts. This issue has been patched in version 3.8.15.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 3 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Electerm Project ≫ Electerm Version >= 3.0.6 < 3.8.15

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.28

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.6	2.8	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
security-advisories@github.com	9.4	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-829 Inclusion of Functionality from Untrusted Control Sphere

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://github.com/electerm/electerm/security/advisories/GHSA-mpm8-cx2p-626q

Patch

Vendor Advisory

Mitigation

https://github.com/electerm/electerm/commit/8a6a17951e96d715f5a231532bbd8303fe208700

Patch

https://github.com/electerm/electerm/commit/a79e06f4a1f0ac6376c3d2411ef4690fa0377742

Patch

https://github.com/electerm/electerm/releases/tag/v3.8.15

Release Notes

https://github.com/electerm/electerm/commit/0599e67069b00e376a2e962649aaad6096e63507

https://nvd.nist.gov/vuln/detail/CVE-2026-43944