CVE-2026-43944
Arbitrary Local Code Execution in Electerm
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| electerm_project | electerm | From 3.0.6 (inc) to 3.8.15 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-829 | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether the installed version of electerm is 3.0.6 or later and earlier than 3.8.15, as these versions are vulnerable to arbitrary local code execution via crafted deep links, CLI options, or shortcuts.
To detect potential exploitation attempts on your system or network, monitor for any usage or invocation of electerm with suspicious electerm:// deep links or unusual command-line options that could be attacker-controlled.
Specific commands to check the installed version of electerm include:
- `electerm --version`
To detect running electerm processes or suspicious command-line arguments, you can use:
- `ps aux | grep electerm`
- `netstat -anp | grep electerm`
Additionally, monitoring logs or user activity for clicks on electerm:// links or execution of shortcuts that launch electerm with unusual parameters can help detect exploitation attempts.
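The two checks above (affected version range and process command lines carrying an electerm:// argument) can be scripted. The following is an added example, not code from the electerm project or from this advisory; the function names, the sample process listing and the assumption that the version string contains an X.Y.Z number are all constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage helpers for CVE-2026-43944 (not electerm project code).

# Compare two dotted versions field by field as numbers; prints -1, 0 or 1.
# A plain string comparison would wrongly rank 3.10.0 below 3.8.15.
ver_cmp() {
  local IFS=. i x y
  local -a a=($1) b=($2)
  for i in 0 1 2; do
    x=${a[i]:-0}; y=${b[i]:-0}
    if ((10#$x < 10#$y)); then printf '%s\n' -1; return; fi
    if ((10#$x > 10#$y)); then printf '%s\n' 1; return; fi
  done
  printf '%s\n' 0
}

# Return 0 when the version lies in the affected range from the advisory:
# 3.0.6 (inclusive) to 3.8.15 (exclusive). Return 2 if no version is found.
# Assumption: the input (e.g. output of `electerm --version`) contains X.Y.Z.
is_affected() {
  local v
  v=$(printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)
  [ -n "$v" ] || return 2
  [ "$(ver_cmp "$v" 3.0.6)" -ge 0 ] && [ "$(ver_cmp "$v" 3.8.15)" -lt 0 ]
}

# Read "PID ARGS" lines on stdin (e.g. from `ps -eo pid=,args=`) and print
# those where an electerm binary was launched with an electerm:// argument.
flag_deeplink_launches() {
  grep -iE '(^|[[:space:]/])electerm(\.exe)?[[:space:]].*electerm://' || true
}

# Constructed sample process listing (not captured from a real host).
sample_ps() {
  cat <<'EOF'
 4211 /opt/electerm/electerm
 4377 /opt/electerm/electerm electerm://constructed-sample-argument
 4402 grep electerm
EOF
}

# Demo on constructed input.
if is_affected "3.8.14"; then
  echo "3.8.14 is in the affected range; upgrade to 3.8.15 or later"
fi
sample_ps | flag_deeplink_launches
```

A flagged line only shows that electerm was started through a deep link; whether the link was attacker-controlled still has to be judged from the argument and the user's activity.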
Can you explain this vulnerability to me?
CVE-2026-43944 is a critical vulnerability in the electerm application, an open-source terminal and remote connection client. Versions from 3.0.6 up to, but not including, 3.8.15 are affected. The vulnerability allows an attacker to execute arbitrary local code by exploiting deep links, command-line interface options, or specially crafted shortcuts that launch electerm with attacker-controlled parameters.
The exploit requires a user to click a malicious electerm:// protocol link or open a crafted shortcut or command that passes attacker-controlled options to electerm. This happens due to improper input validation and code injection weaknesses in how electerm processes these inputs.
The issue has been patched in version 3.8.15 by adding checks to prevent directory traversal in execution paths, filtering out dangerous options keys, and enhancing deep link property validation.
How can this vulnerability impact me?
This vulnerability can have severe impacts including arbitrary local code execution on the affected system. An attacker can run malicious code with the privileges of the user running electerm by tricking them into clicking a crafted link or opening a malicious shortcut.
The CVSS score of 9.4 indicates high severity, with potential impacts on confidentiality, integrity, and availability of the system and possibly other connected systems.
Because the attack requires only user interaction (clicking a link or opening a shortcut) and no special privileges, it poses a significant risk, especially in environments where electerm is used.
What immediate steps should I take to mitigate this vulnerability?
The primary immediate mitigation step is to upgrade electerm to version 3.8.15 or later, where the vulnerability has been patched.
If upgrading immediately is not possible, temporary mitigations include:
- Disable electerm protocol handlers to prevent automatic launching via electerm:// deep links.
- Avoid opening untrusted CLI options or shortcuts that launch electerm.
- Restrict user access to electerm to trusted users only.
- Run electerm in a confined or sandboxed environment to limit potential damage from exploitation.
These steps help reduce the risk of arbitrary code execution until the patched version is deployed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in electerm allows arbitrary local code execution via crafted deep links, CLI options, or shortcuts, which can lead to unauthorized access and control over affected systems.
Such a security flaw can impact compliance with common standards and regulations like GDPR and HIPAA because it threatens the confidentiality, integrity, and availability of sensitive data and systems.
If exploited, this vulnerability could result in data breaches or unauthorized data manipulation, which are violations of these regulations' requirements for protecting personal and sensitive information.
Therefore, organizations using vulnerable versions of electerm may face increased risk of non-compliance unless they apply the available patches or mitigations.