CVE-2026-43943
Status: Analyzed - Analysis Complete
Remote Code Execution in Electerm SFTP Editor Feature

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: GitHub, Inc.

Description
electerm is an open-source terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a remote code execution (RCE) vulnerability exists in electerm's SFTP "open with system editor" and "Edit with custom editor" features. When a user opts to edit a file with the system editor or a custom editor, the filename is passed directly into a command line without sanitization. A malicious actor controlling the SSH server or the user's OS can exploit this by crafting a filename containing shell metacharacters. If a victim subsequently attempts to edit this file, the injected commands are executed on their machine with the user's privileges. This could allow the attacker to run arbitrary code, install malware, or move laterally within the network. This issue has been patched in version 3.7.9.
Meta Information
Published: 2026-05-08
Last Modified: 2026-05-08
Generated: 2026-05-09
AI Q&A: 2026-05-08
EPSS Evaluated: N/A
Affected Vendors & Products (1 associated CPE)
Vendor: electerm_project
Product: electerm
Version / Range: all versions before 3.7.9 (3.7.9 excluded)
CWE
CWE-78: The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CWE-88: The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-43943 is a remote code execution vulnerability in the electerm application, specifically in its SFTP feature's "open with system editor" or "Edit with custom editor" functionality. Before version 3.7.9, when a user tries to edit a file using these features, the filename is passed directly to the command line without proper sanitization.

An attacker who controls the SSH server or the user's operating system can craft a malicious filename containing shell metacharacters. When the victim attempts to edit this file, the injected commands execute on their machine with the user's privileges, allowing the attacker to run arbitrary code.

This vulnerability arises from unsafe string interpolation in the code that handles file opening, enabling command injection attacks. The issue was fixed by changing the method to safely pass filenames as literal strings or properly escaped arguments.


How can this vulnerability impact me?

If exploited, this vulnerability allows an attacker to execute arbitrary code on your machine with your user privileges. This can lead to malware installation, unauthorized access, or lateral movement within your network.

Because the attack requires only that a user open a maliciously named file using the vulnerable feature, it can be triggered with low complexity and no prior privileges.

The impacts include potential compromise of confidentiality, integrity, and availability of your system and data.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves command injection through filenames when using electerm's SFTP feature to open files with a system or custom editor. Detection involves identifying if filenames with shell metacharacters are being passed unsanitized to system commands.

To detect exploitation attempts or presence of malicious filenames, you can monitor logs or SFTP sessions for filenames containing suspicious shell metacharacters such as semicolons (;), backticks (`), dollar signs ($), or quotes (" or ').

Since the vulnerability triggers when editing files with system or custom editors, you can also check for processes spawned by electerm that include suspicious command line arguments.

Suggested commands to help detect potential exploitation attempts include:

  • On Unix-like systems, use process monitoring to find electerm editor commands with suspicious arguments, e.g.:
      ps aux | grep -E "electerm.*[;\`\$\"']"
  • Search SFTP server logs or electerm logs for filenames containing shell metacharacters:
      grep -E "[;\`\$\"']" /path/to/sftp/logs/*
  • Monitor network traffic for suspicious command injection patterns if possible.

Note that no specific detection commands are provided in the resources, so these suggestions are based on the nature of the vulnerability and typical detection methods for command injection.


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation is to upgrade electerm to version 3.7.9 or later, where the vulnerability has been patched by properly sanitizing filenames before passing them to system commands.

Until you can upgrade, avoid using the 'open with system editor' or 'Edit with custom editor' features on files received from untrusted SSH servers or sources.

Use the built-in editor in electerm instead of external editors to reduce risk.

Ensure that connections are only made to trusted SSH servers and validate filenames rigorously before opening or editing.

Consider monitoring for suspicious filenames containing shell metacharacters and restrict or sanitize them if possible.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

CVE-2026-43943 is a high-severity remote code execution vulnerability that allows an attacker to execute arbitrary code with the user's privileges by exploiting unsanitized filenames in electerm's SFTP editing features.

Such unauthorized code execution and potential malware installation or lateral movement within a network can lead to breaches of confidentiality, integrity, and availability of sensitive data.

This can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and compromise.

If exploited, this vulnerability could result in unauthorized data disclosure or alteration, violating data protection requirements and potentially leading to regulatory penalties.

Mitigation involves applying the patch in version 3.7.9 and avoiding use of vulnerable features with untrusted servers, which helps maintain compliance by reducing risk of exploitation.

