CVE-2026-45353
Analyzed - Analysis Complete
Remote Code Execution in Electerm

Publication date: 2026-05-28

Last updated on: 2026-06-03

Assigner: GitHub, Inc.

Description
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0.
Meta Information
Published: 2026-05-28
Last Modified: 2026-06-03
Generated: 2026-06-18
AI Q&A: 2026-05-28
EPSS Evaluated: 2026-06-16
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
electerm_project | electerm | From 3.0.6 (inc) to 3.9.0 (exc)
CWE ID | Description
CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CWE-940 | The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.
CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Executive Summary

CVE-2026-45353 is a critical vulnerability in electerm versions 3.0.6 through 3.8.8 that allows local code execution without user interaction. The issue occurs because any process running under the same user can send a specially crafted JSON payload to electerm's single-instance socket or pipe, causing the application to create new tabs and potentially spawn attacker-controlled local processes.

The root cause involves improper control of code generation, incorrect permission assignment for critical resources, and improper verification of the source of communication channels. The vulnerability allows unsafe properties to be passed when opening deep links, which can lead to arbitrary code execution or environment manipulation.

The fix, introduced in version 3.9.0, filters dangerous properties out of input from IPC sources before new tabs are created, preventing unsafe commands from being executed.

Impact Analysis

This vulnerability can have severe impacts including unauthorized local code execution, which compromises the confidentiality, integrity, and availability of your system.

  • An attacker with access to the same user account can execute arbitrary commands or spawn malicious processes on your machine.
  • It can lead to unauthorized manipulation of the environment and potentially allow further exploitation or persistence on the system.
  • Because the vulnerability requires no user interaction, it can be exploited silently and remotely by any local process under the same user.

Detection Guidance

This vulnerability involves local code execution via electerm's single-instance socket or pipe, where an attacker can send a JSON payload to create tabs and spawn processes. Detection would involve monitoring for unexpected or unauthorized IPC (Inter-Process Communication) activity targeting electerm's socket or pipe.

Because the vulnerability is exploited locally by sending crafted JSON payloads, detection can start with checking for unusual socket or pipe connections related to electerm.

  • On Linux, use commands like `lsof -U | grep electerm` to identify Unix domain sockets used by electerm.
  • Use `ps aux | grep electerm` to check for suspicious child processes spawned by electerm.
  • Monitor IPC traffic or audit logs for unexpected JSON payloads sent to electerm's IPC channels.

However, no specific detection commands or signatures are provided in the available resources.
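
The child-process check above can be made parent-aware, since plain `ps aux | grep` output does not show which process spawned which. The script below is an added example, not taken from the advisory or the electerm project. It assumes the process name is `electerm`, and its `EXPECTED` list of normal child commands is an assumption to tune per environment.

```shell
#!/usr/bin/env bash
# Added example: report direct children of electerm that are not on an
# expected list. Input is lines of "PID PPID COMM", for instance from:
#   ps -eo pid=,ppid=,comm= | flag_electerm_children
# EXPECTED is an assumption: electerm helper processes plus the shells and
# clients users normally open in local tabs. Adjust it for your environment.
EXPECTED="electerm bash zsh sh fish ssh"

flag_electerm_children() {
  awk -v expected="$EXPECTED" '
    BEGIN {
      n = split(expected, e, " ")
      for (i = 1; i <= n; i++) ok[e[i]] = 1
    }
    {
      pid[NR] = $1; ppid[NR] = $2; comm[NR] = $3
      # Remember every electerm PID so its children can be matched later.
      if ($3 == "electerm") parent[$1] = 1
    }
    END {
      # Print "PID PPID COMM" for each unexpected direct child.
      for (i = 1; i <= NR; i++)
        if ((ppid[i] in parent) && !(comm[i] in ok))
          print pid[i], ppid[i], comm[i]
    }'
}

# Constructed sample (not real output): one electerm main process (1200),
# one helper (1210), a normal shell tab, and one unexpected child (1400).
SAMPLE='1200 1 electerm
1210 1200 electerm
1300 1210 bash
1301 1300 vim
1400 1200 python3
1500 1 sshd
1510 1500 bash'

flag_electerm_children <<EOF
$SAMPLE
EOF
```

A flagged line is a lead for review, not proof of exploitation: anything a user legitimately launches in a local tab that is missing from `EXPECTED` will also appear.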

Mitigation Strategies

The primary mitigation step is to upgrade electerm to version 3.9.0 or later, as the vulnerability is fixed starting from that version.

The fix involves sanitizing input from IPC sources to prevent unsafe properties from being passed when opening tabs, thereby preventing arbitrary code execution.

  • Update electerm to version 3.9.0 or newer immediately.
  • Restrict local access to electerm's IPC socket or pipe to trusted users only.
  • Monitor and audit local IPC communications to detect any suspicious activity.

Compliance Impact

This vulnerability allows local code execution without user interaction, enabling an attacker to execute arbitrary code and potentially manipulate the environment or spawn processes. Such unauthorized code execution and potential data manipulation can lead to breaches of confidentiality, integrity, and availability.

Because of these impacts, the vulnerability could affect compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and secure system operations to prevent unauthorized access or data breaches.

Failure to patch this vulnerability could result in non-compliance due to the risk of unauthorized data access or system compromise.
