VYPR
Critical severity9.6GHSA Advisory· Published May 8, 2026· Updated May 13, 2026

CVE-2026-43944

CVE-2026-43944

Description

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or opening a crafted shortcut/command that launches electerm with attacker-controlled opts. This issue has been patched in version 3.8.15.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
electermnpm
>= 3.0.6, < 3.8.83.8.8

Affected products

3
  • Electerm/ElectermGHSA2 versions
    >= 3.0.6, < 3.8.15+ 1 more
    • (no CPE)range: >= 3.0.6, < 3.8.15
    • cpe:2.3:a:electerm_project:electerm:*:*:*:*:*:*:*:*range: >=3.0.6,<3.8.15
  • ghsa-coords
    Range: >= 3.0.6, < 3.8.8

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.