CVE-2026-43944: Electerm users can run dangerous code through a link or the command line
Arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Affected users: electerm installs that accept protocol URLs or CLI options (affected versions listed in the original report). Exploitation requires the user to click a crafted electerm://... link or open a crafted shortcut/command that launches electerm with attacker-controlled opts.
References
- github.com/advisories/GHSA-mpm8-cx2p-626q
- github.com/electerm/electerm
- github.com/electerm/electerm/commit/8a6a17951e96d715f5a231532bbd8303fe208700
- github.com/electerm/electerm/commit/a79e06f4a1f0ac6376c3d2411ef4690fa0377742
- github.com/electerm/electerm/releases/tag/v3.8.15
- github.com/electerm/electerm/security/advisories/GHSA-mpm8-cx2p-626q
- nvd.nist.gov/vuln/detail/CVE-2026-43944