What is CVE-2026-34765?

CVE-2026-34765 is a medium-severity vulnerability in Electron, classified under Exposure of Resource to Wrong Sphere. CVSS score: 6.0/10. Published 2026-04-07.

How severe is CVE-2026-34765?

Medium severity. CVSS v3 base score is 6.0 out of 10.

Vulnerability in Electron

CVE-2026-34765

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, when a renderer calls window.open() with a target name, Electron did not correctly…

EPSS: 0.000 (7.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.0 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L.

Affected products

Electron — versions < 39.8.5, >= 40.0.0-alpha.1, < 40.8.5, >= 41.0.0-alpha.1, < 41.1.0

Weakness classification (CWE)

CWE-668 — Exposure of Resource to Wrong Sphere

References

https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-34765?: CVE-2026-34765 is a medium-severity vulnerability in Electron, classified under Exposure of Resource to Wrong Sphere. CVSS score: 6.0/10. Published 2026-04-07.
How severe is CVE-2026-34765?: Medium severity. CVSS v3 base score is 6.0 out of 10.