VYPR

Electerm

by Electerm

npm: electerm

Source repositories

CVEs (11)

  • CVE-2026-43941CriMay 8, 2026
    risk 0.62cvss 9.6epss 0.00

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who…

  • CVE-2026-45058CriMay 28, 2026
    risk 0.61cvss epss 0.00

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync…

  • CVE-2026-41501CriMay 8, 2026
    risk 0.57cvss 9.8epss 0.01

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:130. The runLinux() function appends attacker-controlled remote version…

  • CVE-2026-41500CriMay 8, 2026
    risk 0.57cvss 9.8epss 0.02

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac() function appends attacker-controlled remote releaseInfo.name…

  • CVE-2026-43944CriMay 8, 2026
    risk 0.55cvss 9.6epss 0.00

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted…

  • CVE-2026-45787CriMay 28, 2026
    risk 0.52cvss 9.1epss 0.00

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can…

  • CVE-2026-43940HigMay 8, 2026
    risk 0.48cvss 8.4epss 0.00

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.16, the runWidget function in src/app/widgets/load-widget.js constructs a file path by directly concatenating user‑supplied widget identifiers without any…

  • CVE-2026-45353HigMay 28, 2026
    risk 0.44cvss 7.8epss 0.00

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0.

  • CVE-2026-43943HigMay 8, 2026
    risk 0.44cvss 7.8epss 0.00

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using…

  • CVE-2026-43942MedMay 8, 2026
    risk 0.36cvss 5.5epss 0.00

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants() IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. The data is stored as…

  • CVE-2020-23256Jan 20, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Electerm 1.3.22, allows attackers to execute arbitrary code via unverified request to electerms service.