electerm
npm
8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting electerm
- CVE-2020-23256 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-01-20
An issue discovered in Electerm 1.3.22 allows attackers to execute arbitrary code via an unverified request to electerm's service.
- CVE-2026-41500 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 3.3.8 | 2026-05-08
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac() function appends att…
- CVE-2026-41501 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 3.3.8 | 2026-05-08
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:130. The runLinux() function appends a…
- CVE-2026-43940 | HIGH | CVSS 8.4 | EG 8.4 | ✓ Fixed in 3.7.16 | 2026-05-08
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.16, the runWidget function in src/app/widgets/load-widget.js constructs a file path by directly concatenating user‑supplied wi…
- CVE-2026-43941 | CRITICAL | CVSS 9.6 | EG 8.8 | 2026-05-08
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any…
- CVE-2026-43942 | MEDIUM | CVSS 5.5 | EG 6.5 | 2026-05-08
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants() IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the …
- CVE-2026-43943 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 3.7.9 | 2026-05-08
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. …
- CVE-2026-43944 | CRITICAL | CVSS 9.6 | EG 9.6 | ✓ Fixed in 3.8.8 | 2026-05-08
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Expl…