CVE-2026-43944
Analyzed Analyzed - Analysis Complete
Arbitrary Local Code Execution in Electerm

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: GitHub, Inc.

Description
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or opening a crafted shortcut/command that launches electerm with attacker-controlled opts. This issue has been patched in version 3.8.15.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43944
EUVD
EUVD-2026-28516
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
electerm_project electerm From 3.0.6 (inc) to 3.8.15 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-829 The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-43944 is a critical vulnerability in the electerm application, an open-source terminal and remote connection client. Versions from 3.0.6 up to before 3.8.15 are affected. The vulnerability allows an attacker to execute arbitrary local code by exploiting deep links, command-line interface options, or specially crafted shortcuts that launch electerm with attacker-controlled parameters.

The exploit requires a user to click a malicious electerm:// protocol link or open a crafted shortcut or command that passes attacker-controlled options to electerm. This happens due to improper input validation and code injection weaknesses in how electerm processes these inputs.

The issue has been patched in version 3.8.15 by adding checks to prevent directory traversal in execution paths, filtering out dangerous options keys, and enhancing deep link property validation.

Detection Guidance

This vulnerability can be detected by checking if the installed version of electerm is between 3.0.6 and before 3.8.15, as these versions are vulnerable to arbitrary local code execution via crafted deep links, CLI options, or shortcuts.

To detect potential exploitation attempts on your system or network, monitor for any usage or invocation of electerm with suspicious electerm:// deep links or unusual command-line options that could be attacker-controlled.

Specific commands to check the installed version of electerm include:

  • electerm --version

To detect running electerm processes or suspicious command-line arguments, you can use:

  • ps aux | grep electerm
  • netstat -anp | grep electerm

Additionally, monitoring logs or user activity for clicks on electerm:// links or execution of shortcuts that launch electerm with unusual parameters can help detect exploitation attempts.

Mitigation Strategies

The primary immediate mitigation step is to upgrade electerm to version 3.8.15 or later, where the vulnerability has been patched.

If upgrading immediately is not possible, temporary mitigations include:

  • Disable electerm protocol handlers to prevent automatic launching via electerm:// deep links.
  • Avoid opening untrusted CLI options or shortcuts that launch electerm.
  • Restrict user access to electerm to trusted users only.
  • Run electerm in a confined or sandboxed environment to limit potential damage from exploitation.

These steps help reduce the risk of arbitrary code execution until the patched version is deployed.

Compliance Impact

The vulnerability in electerm allows arbitrary local code execution via crafted deep links, CLI options, or shortcuts, which can lead to unauthorized access and control over affected systems.

Such a security flaw can impact compliance with common standards and regulations like GDPR and HIPAA because it threatens the confidentiality, integrity, and availability of sensitive data and systems.

If exploited, this vulnerability could result in data breaches or unauthorized data manipulation, which are violations of these regulations' requirements for protecting personal and sensitive information.

Therefore, organizations using vulnerable versions of electerm may face increased risk of non-compliance unless they apply the available patches or mitigations.

Impact Analysis

This vulnerability can have severe impacts including arbitrary local code execution on the affected system. An attacker can run malicious code with the privileges of the user running electerm by tricking them into clicking a crafted link or opening a malicious shortcut.

The CVSS score of 9.4 indicates high severity, with potential impacts on confidentiality, integrity, and availability of the system and possibly other connected systems.

Because the attack requires only user interaction (clicking a link or opening a shortcut) and no special privileges, it poses a significant risk especially in environments where electerm is used.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43944. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart