Package impact
npm / electerm
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-43940 | high | 8.4 | 8.4 | 21d ago | Electerm runWidget has a path traversal that leads to arbitrary code execution | |
| CVE-2026-43943 | high | 7.8 | 7.8 | 21d ago | Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor | |
| CVE-2026-45787 | medium | — | 5.5 | 14d ago | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confid… | |
| CVE-2026-43942 | medium | 5.5 | 5.5 | 21d ago | Electerm's full process.env exposed to renderer via window.pre.env |