CVE-2026-45353
Remote Code Execution in Electerm

Publication date: 2026-05-28

Last updated on: 2026-05-28

Assigner: GitHub, Inc.

Description
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0.
Meta Information
Generated: 2026-05-29
AI Q&A: 2026-05-28
EPSS: not evaluated (N/A)
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
electerm electerm 3.9.0
electerm electerm From 3.0.6 (inc) to 3.8.8 (inc)
electerm electerm 3.9.5
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
CWE-940 The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-45353 is a critical vulnerability in electerm versions 3.0.6 through 3.8.8 that allows local code execution without user interaction. The issue occurs because any process running under the same user can send a specially crafted JSON payload to electerm's single-instance socket or pipe, causing the application to create new tabs and potentially spawn attacker-controlled local processes.

The root cause involves improper control of code generation, incorrect permission assignment for critical resources, and improper verification of the source of communication channels. The vulnerability allows unsafe properties to be passed when opening deep links, which can lead to arbitrary code execution or environment manipulation.

The fix, introduced in version 3.9.0 and later, involves filtering out dangerous properties from IPC sources before creating new tabs, preventing unsafe commands from being executed.


How can this vulnerability impact me? :

This vulnerability can have severe impacts including unauthorized local code execution, which compromises the confidentiality, integrity, and availability of your system.

  • An attacker with access to the same user account can execute arbitrary commands or spawn malicious processes on your machine.
  • It can lead to unauthorized manipulation of the environment and potentially allow further exploitation or persistence on the system.
  • Because the vulnerability requires no user interaction, it can be exploited silently and remotely by any local process under the same user.

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves local code execution via electerm's single-instance socket or pipe, where an attacker can send a JSON payload to create tabs and spawn processes. Detection would involve monitoring for unexpected or unauthorized IPC (Inter-Process Communication) activity targeting electerm's socket or pipe.

Since the vulnerability is exploited locally by sending crafted JSON payloads, detection commands could include checking for unusual socket or pipe connections related to electerm.

  • On Linux, use commands like `lsof -U | grep electerm` to identify Unix domain sockets used by electerm.
  • Use `ps aux | grep electerm` to check for suspicious child processes spawned by electerm.
  • Monitor IPC traffic or audit logs for unexpected JSON payloads sent to electerm's IPC channels.

However, no specific detection commands or signatures are provided in the available resources.


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to upgrade electerm to version 3.9.0 or later, as the vulnerability is fixed starting from that version.

The fix involves sanitizing input from IPC sources to prevent unsafe properties from being passed when opening tabs, thereby preventing arbitrary code execution.

  • Update electerm to version 3.9.0 or newer immediately.
  • Restrict local access to electerm's IPC socket or pipe to trusted users only.
  • Monitor and audit local IPC communications to detect any suspicious activity.
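The fix is described above as filtering out dangerous properties from IPC sources before a tab is created. The following is an added illustration of that allowlist approach, not electerm's own code: the field names, the `openTabsFromIpc` function and the sample payload are assumptions. Only known connection fields survive; any unlisted property in a payload read from the single-instance socket or pipe is dropped, and tab types that would run something locally are rejected.

```javascript
// Added illustration, not electerm's code. The field names below are
// assumptions: a defender's allowlist of what an "open tab" request arriving
// over the single-instance IPC channel may carry. Anything not listed (for
// example a hypothetical property naming a local command) is discarded.
const ALLOWED_TAB_FIELDS = new Set(['type', 'host', 'port', 'username', 'title']);
const ALLOWED_TYPES = new Set(['ssh', 'sftp', 'telnet']); // no local-shell tabs from IPC

// Return a sanitized copy of one tab request, or null if it must be rejected.
function sanitizeTab(tab) {
  if (tab === null || typeof tab !== 'object' || Array.isArray(tab)) return null;
  const clean = {};
  for (const key of Object.keys(tab)) {
    if (ALLOWED_TAB_FIELDS.has(key)) clean[key] = tab[key];
  }
  if (!ALLOWED_TYPES.has(clean.type)) return null;
  if (typeof clean.host !== 'string' || clean.host.length === 0) return null;
  if (clean.port !== undefined &&
      (!Number.isInteger(clean.port) || clean.port < 1 || clean.port > 65535)) return null;
  if (clean.username !== undefined && typeof clean.username !== 'string') return null;
  if (clean.title !== undefined && typeof clean.title !== 'string') return null;
  return clean;
}

// Parse the raw JSON read from the socket/pipe and return only the tab
// requests that survive filtering, plus a count of rejected entries.
function openTabsFromIpc(rawJson) {
  let parsed;
  try { parsed = JSON.parse(rawJson); } catch { return { tabs: [], dropped: 0 }; }
  const list = Array.isArray(parsed && parsed.tabs) ? parsed.tabs : [];
  const tabs = [];
  let dropped = 0;
  for (const tab of list) {
    const clean = sanitizeTab(tab);
    if (clean) tabs.push(clean); else dropped += 1;
  }
  return { tabs, dropped };
}

// Constructed sample payload: one ordinary ssh tab, one carrying an unlisted
// property (stripped but kept), one of a disallowed type (rejected outright).
const SAMPLE = JSON.stringify({
  tabs: [
    { type: 'ssh', host: 'bastion.example', port: 22, username: 'ops' },
    { type: 'ssh', host: 'db.example', launchCommand: 'not-allowed' },
    { type: 'local', runWhatever: 'not-allowed' },
  ],
});

console.log(openTabsFromIpc(SAMPLE));
```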

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability allows local code execution without user interaction, enabling an attacker to execute arbitrary code and potentially manipulate the environment or spawn processes. Such unauthorized code execution and potential data manipulation can lead to breaches of confidentiality, integrity, and availability.

Because of these impacts, the vulnerability could affect compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and secure system operations to prevent unauthorized access or data breaches.

Failure to patch this vulnerability could result in non-compliance due to the risk of unauthorized data access or system compromise.
