216.73.217.98

CVE-2026-45058

· Published 28/05/2026 18:16 · Modified 28/05/2026 18:16

Labels: CVE-2026-45058 2026-05-28CVE-2026-45058CWE-94[email protected]

Essential information

Published
28/05/2026 18:16
Modified
28/05/2026 18:16
Author
Creator
CVSS
9.4 CRITICAL (v3) 9.4 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured (gist/WebDAV). The attacker can inject exec* fields or global config to cause remote code to run when a bookmark is opened or when sync is applied.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
electerm / electerm cpe:2.3:a:electerm:electerm:<3.8.8:*:*:*:*:*:*:*
electerm / electerm cpe:2.3:a:electerm:electerm:3.8.8:*:*:*:*:*:*:*

References