VIR Vulnerability Intelligence Relay

Package impact

npm NPM / electerm

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-41501 critical 9.8 9.8 21d ago electerm has Command Injection via runLinux funtion npm
CVE-2026-41500 critical 9.8 9.8 21d ago electerm: electerm_install_script_CommandInjection Vulnerability Report npm
CVE-2026-43944 critical 9.6 9.6 21d ago Electerm users can run dangrous code through link or command line npm
CVE-2026-43941 critical 9.6 9.6 21d ago Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click npm
CVE-2026-45353 critical 9.5 14d ago electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0. npm
CVE-2026-45058 critical 9.5 14d ago electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync… npm
CVE-2020-23256 critical 9.5 3y ago electerm allows unauthorized users to execute arbitrary commands npm
CVE-2026-45787 medium 5.5 14d ago electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confid… npm
CVE-2026-43942 medium 5.5 5.5 21d ago Electerm's full process.env exposed to renderer via window.pre.env npm