CVE Catalog

CVE-2026-43944

Critical
Published: Translated: NVD NIST

Summary

Electerm, a terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client, is vulnerable to arbitrary local code execution in versions from 3.0.6 to before 3.8.15. Exploiting this vulnerability requires clicking a crafted electerm://... link or opening a crafted shortcut/command.

Risk Assessment

Exploitation of this vulnerability may lead to unauthorized code execution on the victim's system, posing a significant security risk to the organization.

Recommendation

It is recommended to update Electerm to version 3.8.15 or later to mitigate this vulnerability.

Original NVD description (English source)

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or opening a crafted shortcut/command that launches electerm with attacker-controlled opts. This issue has been patched in version 3.8.15.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS