CVE-2026-43943: Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor
A code execution (RCE) vulnerability exists in electerm’s SFTP open with system editor or “Edit with custom editor” feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization.
A malicious actor controlling the SSH server or user OS can exploit this by crafting a filename containing shell metacharacters. If a victim subsequently attempts to edit this file, the injected commands are executed on their machine with the user’s privileges. This could allow the attacker to run arbitrary code, install malware, or move laterally within the network.
References
- github.com/advisories/GHSA-q4p8-8j9m-8hxj
- github.com/electerm/electerm
- github.com/electerm/electerm/commit/24ce7103e264cffe6eb5476c0506a2379e6f8333
- github.com/electerm/electerm/releases/tag/v3.7.9
- github.com/electerm/electerm/security/advisories/GHSA-q4p8-8j9m-8hxj
- nvd.nist.gov/vuln/detail/CVE-2026-43943
Code Behaviors & Features
Detect and mitigate CVE-2026-43943 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →