Vulnerability DatabaseCVE-2026-45058
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-45058
Published:May 28, 2026
Updated:June 13, 2026
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured (gist/WebDAV). The attacker can inject exec* fields or global config to cause remote code to run when a bookmark is opened or when sync is applied.
Related Resources (3)
https://github.com/electerm/electerm/security/advisories/GHSA-jgg9-rw32-44pj
https://github.com/electerm/electerm
https://nvd.nist.gov/vuln/detail/CVE-2026-45058
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.4
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
ACTIVE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
HIGH
Subsequent System Availability
HIGH
CVSS v3
Base Score:
9.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Download of Code Without Integrity Check
CWE-494
Improperly Controlled Modification of Dynamically-Determined Object Attributes
CWE-915
Insufficient Verification of Data Authenticity
CWE-345
Improper Control of Generation of Code ('Code Injection')
CWE-94
EPSS
Base Score:
0.05