CVE-2026-45353: Electerm Local code through electerm's single-instance socket

May 14, 2026

Local code execution without UI interaction: any same-user process can send a JSON payload to electerm’s single-instance socket/pipe, causing the app to create tabs and potentially spawn attacker-controlled local processes. Affects electerm single-instance installs on the machine.

References

github.com/advisories/GHSA-7p5m-v798-f8vv
github.com/electerm/electerm/security/advisories/GHSA-7p5m-v798-f8vv
nvd.nist.gov/vuln/detail/CVE-2026-45353

Code Behaviors & Features

Detect and mitigate CVE-2026-45353 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →