CVE-2026-34770
Status: Received - Intake
Use-After-Free in Electron powerMonitor Module Causes Memory Corruption

Publication date: 2026-04-04

Last updated on: 2026-04-22

Assigner: GitHub, Inc.

Description
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use the powerMonitor module may be vulnerable to a use-after-free. After the native PowerMonitor object is garbage-collected, the associated OS-level resources (a message window on Windows, a shutdown handler on macOS) retain dangling references. A subsequent session-change event (Windows) or system shutdown (macOS) dereferences freed memory, which may lead to a crash or memory corruption. All apps that access powerMonitor events (suspend, resume, lock-screen, etc.) are potentially affected. The issue is not directly renderer-controllable. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8.
Meta Information
Published: 2026-04-04
Last Modified: 2026-04-22
Generated: 2026-05-07
AI Q&A: 2026-04-04
EPSS Evaluated: 2026-05-05
Source: NVD
Affected Vendors & Products
Showing 16 associated CPEs
Vendor Product Version / Range
electronjs electron 41.0.0
electronjs electron up to 38.8.6 (excluding)
electronjs electron from 39.0.0 (including) to 39.8.1 (excluding)
electronjs electron from 40.0.0 (including) to 40.8.0 (excluding)
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-34770 is a high-severity use-after-free vulnerability in the PowerMonitor module of the Electron framework affecting Windows and macOS platforms.

The issue occurs when the native PowerMonitor object is garbage-collected, but the associated operating system resources (specifically, a message window on Windows and a shutdown handler on macOS) retain dangling references to freed memory.

Subsequent events, such as session changes on Windows or system shutdowns on macOS, trigger dereferencing of this freed memory, potentially causing application crashes or memory corruption.

All Electron applications that use powerMonitor events like suspend, resume, and lock-screen are potentially affected.

The flaw is not directly controllable from the renderer process, and no application-level workarounds exist; updating to patched Electron versions is mandatory.


How can this vulnerability impact me?

This vulnerability can lead to application crashes or memory corruption when certain powerMonitor events occur, such as session changes on Windows or system shutdowns on macOS.

Because it is a use-after-free issue, it can compromise the stability and reliability of Electron applications that rely on the powerMonitor module.

The CVSS v3.1 score rates the impact on confidentiality, integrity, and availability as high, indicating that memory corruption could potentially be exploited to affect these security properties.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

There are no specific detection commands or network-based indicators provided for this vulnerability. It is a use-after-free issue in the Electron framework's PowerMonitor module that manifests when certain OS-level events occur, potentially causing application crashes or memory corruption.

Detection would primarily involve identifying if your Electron applications are running vulnerable versions prior to 38.8.6, 39.8.1, 40.8.0, or 41.0.0-beta.8, and monitoring for crashes or abnormal behavior related to powerMonitor events such as suspend, resume, or lock-screen.
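As an added example (not from the advisory or the Electron project), the following Node.js script classifies an Electron version string against the fixed versions listed above, handling the 41.0.0-beta.8 prerelease boundary correctly. It assumes the version string comes from an app's package.json or process.versions.electron, and it treats majors newer than 41 as carrying the fix, which the advisory implies but does not state.

```javascript
// Added example for CVE-2026-34770 (not advisory or Electron project code):
// classify an Electron version string against the fixed versions named in
// the advisory. Assumption: majors above 41 carry the fix.
const FIXED_VERSIONS = ["38.8.6", "39.8.1", "40.8.0", "41.0.0-beta.8"];

// Parse "MAJOR.MINOR.PATCH[-prerelease]" (optional leading "v").
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(v.trim());
  if (!m) throw new Error(`unparseable Electron version: ${v}`);
  return { core: [+m[1], +m[2], +m[3]], pre: m[4] ? m[4].split(".") : null };
}

// Semver ordering: numeric core first, then prerelease identifiers; a
// release outranks any prerelease of the same core (41.0.0 > 41.0.0-beta.8).
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.core[i] !== pb.core[i]) return pa.core[i] - pb.core[i];
  }
  if (!pa.pre && !pb.pre) return 0;
  if (!pa.pre || !pb.pre) return pa.pre ? -1 : 1;
  const n = Math.max(pa.pre.length, pb.pre.length);
  for (let i = 0; i < n; i++) {
    const x = pa.pre[i], y = pb.pre[i];
    if (x === undefined) return -1;           // shorter prerelease sorts first
    if (y === undefined) return 1;
    const nx = Number(x), ny = Number(y);
    if (!Number.isNaN(nx) && !Number.isNaN(ny)) {
      if (nx !== ny) return nx - ny;          // beta.10 > beta.8, numerically
    } else if (x !== y) {
      return x < y ? -1 : 1;                  // alpha < beta, lexically
    }
  }
  return 0;
}

// Vulnerable when below the fix for the same major line; anything older
// than the 38.x line has no fixed release in the advisory at all.
function isVulnerable(version) {
  const major = parseVersion(version).core[0];
  const fix = FIXED_VERSIONS.find(f => parseVersion(f).core[0] === major);
  if (!fix) return major < 38;
  return compareVersions(version, fix) < 0;
}

// Constructed sample inventory of app name -> Electron version.
const SAMPLE = { chat: "39.7.2", notes: "40.8.0", ide: "41.0.0-beta.3" };
for (const [app, v] of Object.entries(SAMPLE)) {
  console.log(`${app}: Electron ${v} -> ${isVulnerable(v) ? "VULNERABLE" : "fixed"}`);
}
```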


What immediate steps should I take to mitigate this vulnerability?

The only effective mitigation is to update Electron to one of the patched versions: 38.8.6, 39.8.1, 40.8.0, or 41.0.0-beta.8.

No application-level workarounds exist because the issue is not directly controllable from the renderer process.

After updating, ensure that your applications are rebuilt and redeployed to prevent exploitation of this use-after-free vulnerability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

