Home / Vulnerability Intelligence / CVE-2026-43941

CVE-2026-43941 - Vulnerability Analysis

CriticalCVSS: 9.6

Last Updated: May 8, 2026

Electerm - Client Script Execution

Published: May 8, 2026Updated: May 8, 2026Remote Exploitable

Overview

Electerm <= 3.8.15 contains a client script execution vulnerability caused by lack of protocol validation in terminal hyperlink handler, letting attackers achieve arbitrary code execution or local file access when victim clicks a malicious link.

Severity & Score

Severity: Critical

CVSS Score: 9.6

Impact

Attackers can execute arbitrary code or access local files if the victim clicks a malicious terminal link.

Mitigation

Update to the latest version once a patch is available.

References

https://github.com/electerm/electerm/security/advisories/GHSA-fwf6-j56g-m97c

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-43941
Severity: Critical
CVSS Score: 9.6
Type: client_script_exec
Status: confirmed

CWE

CWE-88

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H