CVE Catalog

CVE-2026-54257

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

In versions 42.3.1 to 42.3.3, the Electron framework has an issue with incorrect byte length calculations in Buffer, leading to heap buffer under/overflow. Most applications crash, and some may perform incorrect buffer allocations in the Node.js Buffer API, resulting in unexpected truncation or allocation.

Risk Assessment

Organizations may experience application crashes and incorrect behavior, potentially leading to data loss or improper information processing.

Recommendation

It is recommended to upgrade to version 42.3.3 or later to mitigate this vulnerability.

Original NVD description (English source)

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow. Most apps will crash and some may perform incorrect buffer allocations in the Node.js Buffer API resulting in unexpected truncation or allocation. This vulnerability is fixed in 42.3.3.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS