CRITICAL SeverityCVSS 4.09.4CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CVE-2026-43944

Last updated May 08, 2026 · Published May 08, 2026

Description

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or opening a crafted shortcut/command that launches electerm with attacker-controlled opts. This issue has been patched in version 3.8.15.

Affected products

1 listed

electerm:electerm

Mappings

CWE

CWE-20CWE-829CWE-94

CAPEC

None listed.

Research

Command injection: how it works and how to prevent itCommand injection happens when untrusted input reaches a shell or process spawn. Avoid the shell, pass…
Template InjectionExplains how untrusted input can be executed by template engines on server or client. Covers safe templating…

Guides

Supply Chain Security FundamentalsSBOMs, dependency verification, supplier assessment, and provenance for development teams.

Training

Input Validation and Schema EnforcementValidate early, validate strictly - schemas, allowlists, and type-safe boundaries.
Dependency and Supply Chain ManagementSBOMs, lock files, and surviving the next big supply chain attack.
Artifact Signing and ProvenanceSigstore, SLSA, and proving your software is what you say it is.

CVE-2026-43944

Description

Affected products

Mappings

Related