Package impact
NPM / electerm
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-43940 | high | 8.4 | 8.4 | 21d ago | Electerm runWidget has a path traversal that leads to arbitrary code execution | |||
| CVE-2026-43943 | high | 7.8 | 7.8 | 21d ago | Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor | |||
| CVE-2026-45787 | medium | — | 5.5 | 14d ago | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confid… | |||
| CVE-2026-43942 | medium | 5.5 | 5.5 | 21d ago | Electerm's full process.env exposed to renderer via window.pre.env |