Description
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0.
Published: 2026-05-28
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Electerm, an open‑source terminal client, contains a flaw in its single‑instance socket handling that can allow local code execution. The vulnerability exists in releases 3.0.6 through 3.8.8 and is fixed in 3.9.0. It arises from insufficient access control and code injection through the socket interface, classifying it under CWE‑732, CWE‑94, and CWE‑940. An attacker with local access can exploit the socket to run arbitrary code, compromising confidentiality, integrity, and availability of the host system.

Affected Systems

The affected product is electerm (Electerm Terminal Client). Vulnerable versions are 3.0.6 up to and including 3.8.8.

Risk and Exploitability

The CVSS score of 9.3 indicates a severe risk, and although the EPSS score is not available, the absence of KEV listing does not diminish the potential impact for installations relying on the affected versions. Likely attack vector is a local user leveraging the single‑instance socket to inject malicious code; exploitation requires the attacker to have ability to start an Electerm instance or interfere with an existing one.

Generated by OpenCVE AI on May 28, 2026 at 19:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade electerm to version 3.9.0 or newer to apply the vendor fix.
  • Restrict permissions on the Electerm single‑instance socket and run the application under a least‑privileged user account to limit the impact of a potential exploit.
  • Monitor for suspicious socket activity and consider blocking the socket port via firewall rules or disabling single‑instance mode if the configuration supports it.

Generated by OpenCVE AI on May 28, 2026 at 19:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-7p5m-v798-f8vv Electerm Local code through electerm's single-instance socket
History

Thu, 28 May 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 28 May 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Electerm
Electerm electerm
Vendors & Products Electerm
Electerm electerm

Thu, 28 May 2026 18:00:00 +0000

Type Values Removed Values Added
Description electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0.
Title electerm: Local code through electerm's single-instance socket
Weaknesses CWE-732
CWE-94
CWE-940
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Electerm Electerm
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-28T19:27:52.948Z

Reserved: 2026-05-11T21:40:08.178Z

Link: CVE-2026-45353

cve-icon Vulnrichment

Updated: 2026-05-28T19:27:44.807Z

cve-icon NVD

Status : Received

Published: 2026-05-28T18:16:35.587

Modified: 2026-05-28T18:16:35.587

Link: CVE-2026-45353

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T19:30:16Z

Weaknesses