Description
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization. A malicious actor controlling the SSH server or user OS can exploit this by crafting a filename containing shell metacharacters. If a victim subsequently attempts to edit this file, the injected commands are executed on their machine with the user's privileges. This could allow the attacker to run arbitrary code, install malware, or move laterally within the network. This issue has been patched in version 3.7.9.
Published: 2026-05-08
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A user’s request to edit a file via Electerm’s SFTP open-with-system-editor feature passes the chosen filename directly into a shell command without any sanitization. If an attacker controls the SSH server or can influence the client’s filesystem, they can craft a filename that includes shell metacharacters or command separators. When the victim subsequently opens the file, the embedded commands run with the victim’s privileges, enabling arbitrary code execution, malware installation, or lateral movement within the network.

Affected Systems

Electerm (open-source terminal client) versions prior to 3.7.9 are affected: every release from the electerm/electerm repository before the v3.7.9 patch carries this vulnerability.

Risk and Exploitability

The CVSS score of 7.8 reflects high severity, but the EPSS score is not available, indicating the exploitation probability is currently unknown. The vulnerability is not listed in CISA’s KEV catalog, and no public exploitation has been reported. The attack vector is likely local or insider: a compromised SSH server, or a malicious actor on the user’s OS, delivers the crafted filename. Given the high impact and the lack of existing mitigations in older versions, the risk to any user running an affected instance is substantial.

Generated by OpenCVE AI on May 8, 2026 at 05:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Electerm to version 3.7.9 or later to apply the vendor patch that sanitizes filenames.
  • If an upgrade is not immediately possible, disable the SFTP “open with system editor” feature or restrict its use to trusted files only.
  • Validate or sanitize filenames locally to prevent unintended command execution as a temporary mitigation.

Generated by OpenCVE AI on May 8, 2026 at 05:52 UTC.

Advisories

  Source: GitHub GHSA
  ID: GHSA-q4p8-8j9m-8hxj
  Title: Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor

History

Mon, 11 May 2026 17:00:00 +0000

  First Time appeared: Electerm; Electerm electerm
  Vendors & Products: Electerm; Electerm electerm

Fri, 08 May 2026 19:30:00 +0000

  First Time appeared: Electerm Project; Electerm Project electerm
  CPEs: cpe:2.3:a:electerm_project:electerm:*:*:*:*:*:*:*:*
  Vendors & Products: Electerm Project; Electerm Project electerm

Fri, 08 May 2026 15:15:00 +0000

  Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 08 May 2026 04:00:00 +0000

  Description: identical to the Description at the top of this page
  Title: electerm: RCE via malicious SSH server filename in openFileWithEditor
  Weaknesses: CWE-78; CWE-88
  References: none listed
  Metrics (cvssV3_1): {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-08T14:44:16.203Z

Reserved: 2026-05-04T16:59:09.090Z

Link: CVE-2026-43943

Vulnrichment

Updated: 2026-05-08T14:44:05.353Z

NVD

Status : Analyzed

Published: 2026-05-08T04:16:23.837

Modified: 2026-05-08T19:16:45.713

Link: CVE-2026-43943

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T16:11:17Z

Weaknesses