โ† Back to Dashboard

CVE-2026-41500

CRITICAL NVD
CVSS Score
9.8
Severity
CRITICAL
Source
NVD
Published
May 08, 2026
Description

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac() function appends attacker-controlled remote releaseInfo.name directly into an exec("open ...") command without validation. This issue has been patched in version 3.3.8.

View Full Details โ† Back