Description
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization. A malicious actor controlling the SSH server or user OS can exploit this by crafting a filename containing shell metacharacters. If a victim subsequently attempts to edit this file, the injected commands are executed on their machine with the user's privileges. This could allow the attacker to run arbitrary code, install malware, or move laterally within the network. This issue has been patched in version 3.7.9.
Published: 2026-05-08
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A user’s request to edit a file via Electerm’s SFTP open-with-system‑editor feature passes the chosen filename directly into a shell command without any sanitization. If an attacker controls the SSH server or can influence the client’s filesystem, they can craft a filename that includes shell metacharacters or command separators. When the victim subsequently opens the file, the embedded commands run with the victim’s privileges, enabling arbitrary code execution, malware installation, or lateral movement within the network.

Affected Systems

Electerm (open-source terminal client) versions prior to 3.7.9 are affected: every electerm:electerm release before the v3.7.9 patch carries this vulnerability.

Risk and Exploitability

The CVSS score of 7.8 reflects high severity, but the EPSS score is not available, indicating the exploitation probability is currently unknown. The vulnerability is not listed in CISA’s KEV catalog, and no public exploitation has been reported. The attack vector is likely local or insider via a compromised SSH server or malicious user OS that can deliver a crafted filename. Given the high impact and the lack of existing mitigations in older versions, the risk to any user running an affected instance is substantial.

Generated by OpenCVE AI on May 8, 2026 at 05:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Electerm to version 3.7.9 or later to apply the vendor patch that sanitizes filenames.
  • If an upgrade is not immediately possible, disable the SFTP “open with system editor” feature or restrict its use to trusted files only.
  • Validate or sanitize filenames locally to prevent unintended command execution as a temporary mitigation.

Advisories

No advisories yet.

History

Fri, 08 May 2026 04:00:00 +0000

Type / Values Removed / Values Added (initial entry; only values added)

Description: electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization. A malicious actor controlling the SSH server or user OS can exploit this by crafting a filename containing shell metacharacters. If a victim subsequently attempts to edit this file, the injected commands are executed on their machine with the user's privileges. This could allow the attacker to run arbitrary code, install malware, or move laterally within the network. This issue has been patched in version 3.7.9.

Title: electerm: RCE via malicious SSH server filename in openFileWithEditor

Weaknesses: CWE-78, CWE-88

References: (empty)

Metrics: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-08T02:55:51.285Z

Reserved: 2026-05-04T16:59:09.090Z

Link: CVE-2026-43943

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-08T04:16:23.837

Modified: 2026-05-08T04:16:23.837

Link: CVE-2026-43943

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T06:00:11Z

Weaknesses