CVE-2026-43944 - Vulnerability Analysis
CriticalCVSS: 9.6Last Updated: May 8, 2026
electerm - Command Injection
Published: May 8, 2026Updated: May 8, 2026Remote Exploitable
Overview
electerm 3.0.6 to < 3.8.15 contains a command injection caused by processing crafted deep links, CLI options, or shortcuts, letting attackers execute arbitrary local code, exploit requires user to click crafted electerm:// link or open crafted shortcut.
Severity & Score
Severity: Critical
CVSS Score: 9.6
Impact
Attackers can execute arbitrary local code, potentially compromising the user's system.
Mitigation
Update to version 3.8.15 or later.
References
- https://github.com/electerm/electerm/commit/8a6a17951e96d715f5a231532bbd8303fe208700
- https://github.com/electerm/electerm/commit/a79e06f4a1f0ac6376c3d2411ef4690fa0377742
- https://github.com/electerm/electerm/releases/tag/v3.8.15
- https://github.com/electerm/electerm/security/advisories/GHSA-mpm8-cx2p-626q
Related Resources
Details
- CVE ID
- CVE-2026-43944
- Severity
- Critical
- CVSS Score
- 9.6
- Type
- command_injection
- Status
- confirmed
CWE
- CWE-20
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H