CRITICAL 9.6 npm
Electerm users can run dangerous code through a link or the command line
GHSA-mpm8-cx2p-626q · CVE-2026-43944
Description
Impact
Arbitrary local code execution via deep links (electerm://... URLs), CLI --opts arguments, or crafted shortcuts. Affected users: electerm installs that accept protocol URLs or CLI options (affected versions are listed in the original report). Exploitation requires the victim to click a crafted electerm://... link, or to open a crafted shortcut or command line that launches electerm with attacker-controlled opts.
Patches
Fixed in version > 3.8.8
commits:
- https://github.com/electerm/electerm/commit/8a6a17951e96d715f5a231532bbd8303fe208700
- https://github.com/electerm/electerm/commit/a79e06f4a1f0ac6376c3d2411ef4690fa0377742
- https://github.com/electerm/electerm/commit/0599e67069b00e376a2e962649aaad6096e63507
Workarounds
- Disable or unregister electerm protocol handlers (Deep Link settings) and avoid clicking electerm:// links.
- Do not run electerm with untrusted --opts arguments or open .lnk/.desktop files from untrusted sources.
- Restrict which users can launch electerm on shared machines and avoid leaving electerm installed in locations reachable by other users.
- As a temporary measure, run electerm in a confined account or sandbox (non-admin user) to reduce impact.
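The following audit script is an added example for administrators, not code from the advisory or the electerm project. It checks an installed electerm version against the fix threshold stated above (fixed in versions > 3.8.8) and, on Linux desktops, whether a handler for the electerm:// scheme is still registered, which is the condition under which a crafted link reaches an affected build. Assumptions that the advisory does not state: the binary is on PATH as `electerm` and prints an x.y.z version string in response to `--version`; scheme handlers are looked up through `xdg-mime` (so the handler check is skipped where that tool is absent).

```shell
#!/bin/sh
# Added example: audit an electerm install for GHSA-mpm8-cx2p-626q.
# Assumptions (not from the advisory): `electerm --version` prints a
# plain x.y.z version, and Linux deep-link handlers are visible through
# `xdg-mime query default x-scheme-handler/electerm`.

FIXED_AFTER="3.8.8"   # advisory: fixed in versions > 3.8.8

# is_vulnerable VERSION : succeed (exit 0) when VERSION <= 3.8.8,
# i.e. the install predates the fix. Accepts an optional leading "v".
is_vulnerable() {
  v=${1#v}
  set -- $(printf '%s' "$v" | tr '.' ' ')
  a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
  set -- $(printf '%s' "$FIXED_AFTER" | tr '.' ' ')
  b1=$1; b2=$2; b3=$3
  # compare major, minor, patch in turn; only the last uses <= because
  # 3.8.8 itself is still an affected release
  if [ "$a1" -ne "$b1" ]; then [ "$a1" -lt "$b1" ]; return; fi
  if [ "$a2" -ne "$b2" ]; then [ "$a2" -lt "$b2" ]; return; fi
  [ "$a3" -le "$b3" ]
}

# handler_registered : exit 0 if a desktop handler owns electerm:// links,
# 1 if none is registered, 2 if xdg-mime is unavailable (non-xdg platform).
handler_registered() {
  command -v xdg-mime >/dev/null 2>&1 || return 2
  h=$(xdg-mime query default x-scheme-handler/electerm 2>/dev/null)
  if [ -n "$h" ]; then
    echo "electerm:// is handled by: $h"
    return 0
  fi
  return 1
}

# audit : report whether this host needs the upgrade or the workarounds.
# Always returns 0 so it can run from a login script without aborting it.
audit() {
  if ! command -v electerm >/dev/null 2>&1; then
    echo "electerm not on PATH; nothing to audit"
    return 0
  fi
  # assumption: --version prints something containing x.y.z
  ver=$(electerm --version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n1)
  if [ -z "$ver" ]; then
    echo "could not determine electerm version; check the About dialog"
    return 0
  fi
  if is_vulnerable "$ver"; then
    echo "electerm $ver is affected (fixed in versions > $FIXED_AFTER): upgrade"
    if handler_registered; then
      echo "  crafted electerm:// links will launch this build; disable Deep Link"
      echo "  in settings or remove the x-scheme-handler/electerm entry from"
      echo "  ~/.config/mimeapps.list until it is upgraded"
    fi
  else
    echo "electerm $ver is past the fix threshold"
  fi
  return 0
}

audit
```

The version comparison is numeric per component rather than a string comparison, so 3.8.15 is correctly treated as newer than 3.8.8 (a lexical compare would get that wrong). The handler check only tells you whether a link can reach electerm at all; the CLI --opts and shortcut vectors from the Impact section do not depend on the scheme registration, so an affected version should be upgraded regardless of what the handler check reports.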
References
- Report / credit: https://github.com/Curly-Haired-Baboon
- Electerm releases: https://github.com/electerm/electerm/releases
References
- WEB https://github.com/electerm/electerm/security/advisories/GHSA-mpm8-cx2p-626q
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-43944
- WEB https://github.com/electerm/electerm/commit/0599e67069b00e376a2e962649aaad6096e63507
- WEB https://github.com/electerm/electerm/commit/8a6a17951e96d715f5a231532bbd8303fe208700
- WEB https://github.com/electerm/electerm/commit/a79e06f4a1f0ac6376c3d2411ef4690fa0377742
- PACKAGE https://github.com/electerm/electerm
- WEB https://github.com/electerm/electerm/releases/tag/v3.8.15