Critical severity9.6GHSA Advisory· Published May 8, 2026· Updated May 13, 2026
CVE-2026-43944
CVE-2026-43944
Description
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or opening a crafted shortcut/command that launches electerm with attacker-controlled opts. This issue has been patched in version 3.8.15.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
electermnpm | >= 3.0.6, < 3.8.8 | 3.8.8 |
Affected products
3Patches
Vulnerability mechanics
References
7- github.com/electerm/electerm/commit/8a6a17951e96d715f5a231532bbd8303fe208700nvdPatchWEB
- github.com/electerm/electerm/commit/a79e06f4a1f0ac6376c3d2411ef4690fa0377742nvdPatchWEB
- github.com/electerm/electerm/security/advisories/GHSA-mpm8-cx2p-626qnvdMitigationPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-mpm8-cx2p-626qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-43944ghsaADVISORY
- github.com/electerm/electerm/commit/0599e67069b00e376a2e962649aaad6096e63507nvdWEB
- github.com/electerm/electerm/releases/tag/v3.8.15nvdRelease NotesWEB
News mentions
0No linked articles in our index yet.