CVE-2026-45353

Published: Mag 28, 2026 Last Modified: Mag 28, 2026
ExploitDB:
Other exploit source:
Google Dorks:
CRITICAL 9,3
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

AI Translation Available

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0.

94

Improper Control of Generation of Code ('Code Injection')

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Integrity Confidentiality Availability Non-Repudiation
Potential Impacts:
Bypass Protection Mechanism Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Hide Activities
Applicable Platforms
Languages: Interpreted
Technologies: AI/ML
Likelihood of Exploit: Medium
View CWE Details
732

Incorrect Permission Assignment for Critical Resource

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Access Control Integrity Other
Potential Impacts:
Read Application Data Read Files Or Directories Gain Privileges Or Assume Identity Modify Application Data Other
Applicable Platforms
Technologies: Not Technology-Specific, Cloud Computing
Likelihood of Exploit: High
View CWE Details
940

Improper Verification of Source of a Communication Channel

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Other
Potential Impacts:
Gain Privileges Or Assume Identity Varies By Context Bypass Protection Mechanism
Applicable Platforms
Technologies: Mobile
View CWE Details
https://github.com/electerm/electerm/commit/0599e67069b00e3…
https://github.com/electerm/electerm/commit/0599e67069b00e376a2e962649aaad6096e…
https://github.com/electerm/electerm/security/advisories/GH…
https://github.com/electerm/electerm/security/advisories/GHSA-7p5m-v798-f8vv