CVE-2026-45787— electerm's encrypt method not safe enough

AI Predicted 7.5 Difficulty: Easy EPSS 0.01% · P2 Updated May 30, 2026

Possible ATT&CK Techniques 2AI

T1105 · Ingress Tool Transfer T1530 · Data from Cloud Storage

Affected Version Matrix 1

Vendor	Product	Version Range	Status
electerm	electerm	`< 3.9.5`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-45787

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

electerm's encrypt method not safe enough

Source: NVD (National Vulnerability Database)

Vulnerability Description

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alter config/bookmarks. This vulnerability is fixed in 3.9.5.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

不充分的加密强度

Source: NVD (National Vulnerability Database)

Vulnerability Title

Electerm 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Electerm是中国zxdong262个人开发者的一款基于 electron 开发的 SSH/SFTP 客户端。 Electerm 3.9.5之前版本存在安全漏洞，该漏洞源于确定性AES-192-CBC使用固定零IV、常量KDF盐且无MAC，导致同步书签/配置文件数据的机密性和完整性失败，攻击者可破解常见密码并执行未检测到的密文比特翻转以更改配置/书签。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
electerm	electerm	< 3.9.5	-

II. Public POCs for CVE-2026-45787

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-45787

请登录查看更多情报信息。

Patches & Fixes for CVE-2026-45787 (1)

🔗 security: update encryption to use aes-256-gcm and improve format han… · electerm/electerm@9dd8295 · GitHub Read full article x_refsource_MISC

Vendor Advisories for CVE-2026-45787 (1)

🔗 electerm's encrypt method not safe enough · Advisory · electerm/electerm · GitHub Read full article x_refsource_CONFIRM

https://nvd.nist.gov/vuln/detail/CVE-2026-45787

Same Patch Batch · electerm · 2026-05-28 · 3 CVEs total

CVE-2026-45353		electerm: Local code through electerm's single-instance socket
CVE-2026-45058		electerm: Import unsafe bookmark data could lead to unsafe operation when click local type

IV. Related Vulnerabilities

Same product: electerm

Same vendor: electerm

Same weakness: CWE-326

V. Comments for CVE-2026-45787

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-45787— electerm's encrypt method not safe enough

Possible ATT&CK Techniques 2AI

Affected Version Matrix 1

I. Basic Information for CVE-2026-45787

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-45787

III. Intelligence Information for CVE-2026-45787

Patches & Fixes for CVE-2026-45787 (1)

Vendor Advisories for CVE-2026-45787 (1)

Same Patch Batch · electerm · 2026-05-28 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-45787

Leave a comment