CVE-2026-34775
Description
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable nodeIntegrationInWorker. Apps that do not use nodeIntegrationInWorker are not affected. This issue has been patched in versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
electronnpm | < 38.8.6 | 38.8.6 |
electronnpm | >= 39.0.0-alpha.1, < 39.8.4 | 39.8.4 |
electronnpm | >= 40.0.0-alpha.1, < 40.8.4 | 40.8.4 |
electronnpm | >= 41.0.0-alpha.1, < 41.0.0 | 41.0.0 |
Affected products
16cpe:2.3:a:electronjs:electron:41.0.0:alpha1:*:*:*:node.js:*:*+ 14 more
- cpe:2.3:a:electronjs:electron:41.0.0:alpha1:*:*:*:node.js:*:*
- cpe:2.3:a:electronjs:electron:41.0.0:alpha2:*:*:*:node.js:*:*
- cpe:2.3:a:electronjs:electron:41.0.0:alpha3:*:*:*:node.js:*:*
- cpe:2.3:a:electronjs:electron:41.0.0:alpha4:*:*:*:node.js:*:*
- cpe:2.3:a:electronjs:electron:41.0.0:alpha5:*:*:*:node.js:*:*
- cpe:2.3:a:electronjs:electron:41.0.0:alpha6:*:*:*:node.js:*:*
- cpe:2.3:a:electronjs:electron:41.0.0:beta1:*:*:*:node.js:*:*
- cpe:2.3:a:electronjs:electron:41.0.0:beta2:*:*:*:node.js:*:*
- cpe:2.3:a:electronjs:electron:41.0.0:beta3:*:*:*:node.js:*:*
- cpe:2.3:a:electronjs:electron:41.0.0:beta4:*:*:*:node.js:*:*
- cpe:2.3:a:electronjs:electron:41.0.0:beta5:*:*:*:node.js:*:*
- cpe:2.3:a:electronjs:electron:41.0.0:beta6:*:*:*:node.js:*:*
- cpe:2.3:a:electronjs:electron:41.0.0:beta7:*:*:*:node.js:*:*
- cpe:2.3:a:electronjs:electron:41.0.0:beta8:*:*:*:node.js:*:*
- cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*range: <38.8.6
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-xwr5-m59h-vwqrghsaADVISORY
- github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqrnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2026-34775ghsaADVISORY
News mentions
0No linked articles in our index yet.