What is CVE-2026-34781?

CVE-2026-34781 is a low-severity vulnerability in Electron, classified under NULL Pointer Dereference. CVSS score: 2.8/10. Published 2026-04-07.

How severe is CVE-2026-34781?

Low severity. CVSS v3 base score is 2.8 out of 10.

NULL pointer dereference in Electron

CVE-2026-34781

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that call clipboard.readImage() may be vulnerable to a denial of service. If…

EPSS: 0.000 (0.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.8 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L.

Affected products

Electron — versions < 39.8.5, >= 40.0.0-alpha.1, < 40.8.5, >= 41.0.0-alpha.1, < 41.1.0

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference

References

https://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-34781?: CVE-2026-34781 is a low-severity vulnerability in Electron, classified under NULL Pointer Dereference. CVSS score: 2.8/10. Published 2026-04-07.
How severe is CVE-2026-34781?: Low severity. CVSS v3 base score is 2.8 out of 10.