RCE in Electerm
CVE-2026-45058
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookm…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.000 (14.8th percentile) — read the EPSS interpretation.
Affected products
- Electerm — versions <= 3.8.8
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)