CVE-2026-34770
Received Received - Intake
Use-After-Free in Electron powerMonitor Module Causes Memory Corruption

Publication date: 2026-04-04

Last updated on: 2026-04-22

Assigner: GitHub, Inc.

Description
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use the powerMonitor module may be vulnerable to a use-after-free. After the native PowerMonitor object is garbage-collected, the associated OS-level resources (a message window on Windows, a shutdown handler on macOS) retain dangling references. A subsequent session-change event (Windows) or system shutdown (macOS) dereferences freed memory, which may lead to a crash or memory corruption. All apps that access powerMonitor events (suspend, resume, lock-screen, etc.) are potentially affected. The issue is not directly renderer-controllable. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-04
Last Modified
2026-04-22
Generated
2026-06-16
AI Q&A
2026-04-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34770
Affected Vendors & Products
Showing 16 associated CPEs
Vendor Product Version / Range
electronjs electron 41.0.0
electronjs electron 41.0.0
electronjs electron 41.0.0
electronjs electron 41.0.0
electronjs electron 41.0.0
electronjs electron 41.0.0
electronjs electron 41.0.0
electronjs electron 41.0.0
electronjs electron 41.0.0
electronjs electron 41.0.0
electronjs electron 41.0.0
electronjs electron 41.0.0
electronjs electron 41.0.0
electronjs electron to 38.8.6 (exc)
electronjs electron From 39.0.0 (inc) to 39.8.1 (exc)
electronjs electron From 40.0.0 (inc) to 40.8.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-34770 is a high-severity use-after-free vulnerability in the PowerMonitor module of the Electron framework affecting Windows and macOS platforms.

The issue occurs when the native PowerMonitor object is garbage-collected, but the associated operating system resourcesβ€”specifically, a message window on Windows and a shutdown handler on macOSβ€”retain dangling references to freed memory.

Subsequent events, such as session changes on Windows or system shutdowns on macOS, trigger dereferencing of this freed memory, potentially causing application crashes or memory corruption.

All Electron applications that use powerMonitor events like suspend, resume, and lock-screen are potentially affected.

The flaw is not directly controllable from the renderer process, and no application-level workarounds exist; updating to patched Electron versions is mandatory.

Impact Analysis

This vulnerability can lead to application crashes or memory corruption when certain powerMonitor events occur, such as session changes on Windows or system shutdowns on macOS.

Because it is a use-after-free issue, it can compromise the stability and reliability of Electron applications that rely on the powerMonitor module.

The CVSS v3.1 score rates the impact on confidentiality, integrity, and availability as high, indicating that memory corruption could potentially be exploited to affect these security properties.

Detection Guidance

There are no specific detection commands or network-based indicators provided for this vulnerability. It is a use-after-free issue in the Electron framework's PowerMonitor module that manifests when certain OS-level events occur, potentially causing application crashes or memory corruption.

Detection would primarily involve identifying if your Electron applications are running vulnerable versions prior to 38.8.6, 39.8.1, 40.8.0, or 41.0.0-beta.8, and monitoring for crashes or abnormal behavior related to powerMonitor events such as suspend, resume, or lock-screen.

Mitigation Strategies

The only effective mitigation is to update Electron to one of the patched versions: 38.8.6, 39.8.1, 40.8.0, or 41.0.0-beta.8.

No application-level workarounds exist because the issue is not directly controllable from the renderer process.

After updating, ensure that your applications are rebuilt and redeployed to prevent exploitation of this use-after-free vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34770. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart