CVE-2026-34774 - Vulnerability Analysis
High | CVSS: 8.1 | Last Updated: April 4, 2026
Electron - Use After Free
Published: April 4, 2026 | Updated: April 4, 2026 | Remote Exploitable
Overview
Electron < 39.8.1, < 40.7.0, and < 41.0.0 contain a use-after-free: when a parent offscreen WebContents is destroyed, its child windows dereference freed memory. This lets attackers cause crashes or memory corruption. Exploitation requires that the application uses offscreen rendering and allows child windows.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Attackers can cause application crashes or memory corruption, potentially leading to denial of service or further exploitation.
Mitigation
Update to versions 39.8.1, 40.7.0, 41.0.0 or later.
Details
- CVE ID: CVE-2026-34774
- Severity: High
- CVSS Score: 8.1
- Type: use_after_free
- Status: new
CWE
- CWE-416
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H