CVE-2026-45353— electerm: Local code through electerm's single-instance socket
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-45353
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
electerm: Local code through electerm's single-instance socket
Source: NVD (National Vulnerability Database)
Vulnerability Description
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Electerm 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Electerm是中国zxdong262个人开发者的一款基于 electron 开发的 SSH/SFTP 客户端。 Electerm 3.0.6至3.8.8版本存在安全漏洞,该漏洞源于通过electerm的单实例套接字执行本地代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-45353
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-45353
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-45353 (1)
Vendor Advisories for CVE-2026-45353 (1)
Same Patch Batch · electerm · 2026-05-28 · 3 CVEs total
| CVE-2026-45787 | electerm's encrypt method not safe enough | |
| CVE-2026-45058 | electerm: Import unsafe bookmark data could lead to unsafe operation when click local type |
IV. Related Vulnerabilities
Same product: electerm
- CVE-2026-45058
electerm: Import unsafe bookmark data could lead to unsafe o - CVE-2026-45787
electerm's encrypt method not safe enough - CVE-2026-43944
electerm: dangerous code can be run through links or command - CVE-2026-43942
electerm: Full process.env exposed to renderer via window.pr - CVE-2026-43941
Unvalidated shell.openExternal in electerm allows arbitrary
Same vendor: electerm
- CVE-2026-45058
electerm: Import unsafe bookmark data could lead to unsafe o - CVE-2026-45787
electerm's encrypt method not safe enough - CVE-2026-43944
electerm: dangerous code can be run through links or command - CVE-2026-43942
electerm: Full process.env exposed to renderer via window.pr - CVE-2026-43941
Unvalidated shell.openExternal in electerm allows arbitrary
Same weakness: CWE-94
- CVE-2026-10688
ahujasid blender-mcp server.py execute_blender_code code inj - CVE-2026-49143
BrowserStack Runner 0.9.5 Unauthenticated RCE via /_log HTTP - CVE-2026-1829
Content Visibility for Divi Builder <= 4.02 - Authenticated - CVE-2026-47117
OpenMed < 1.5.2 Remote Code Execution via PII Model Loading - CVE-2026-9311
IBM WebSphere Application Server is affected by remote code
V. Comments for CVE-2026-45353
No comments yet