PT-2026-30002 · Electron · Electron

Vertedinde · Published 2026-04-03 · Updated 2026-04-04 · CVE-2026-34772

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Electron versions prior to 38.8.6, prior to 39.8.0, prior to 40.7.0, and prior to 41.0.0-beta.8

Description

Electron applications allowing downloads and programmatic session destruction may experience a use-after-free condition. Specifically, if a session is terminated while a native save-file dialog is open during a download, dismissing the dialog can lead to dereferencing freed memory, potentially causing a crash or memory corruption. Applications that do not destroy sessions or permit downloads are not affected.

Recommendations

Update to Electron version 38.8.6 or later. Update to Electron version 39.8.0 or later. Update to Electron version 40.7.0 or later. Update to Electron version 41.0.0-beta.8 or later. Avoid destroying sessions while a download save dialog may be open. Cancel pending downloads before session teardown.
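
One way to apply the last two recommendations in an application's main process, as an added example that is not code from Electron or from this advisory. It relies on Electron's `will-download` session event and the `DownloadItem` `cancel()` method and `done` event; `guardSessionDownloads`, `destroySession` and `constructedItem` are hypothetical names, and the stand-in item exists only so the logic runs outside Electron.

```javascript
// Added example (not Electron's or the advisory's code).
const { EventEmitter } = require('node:events');

// Tracks in-flight downloads on an Electron Session so they can be cancelled
// before the application tears the session down.
function guardSessionDownloads(ses) {
  const pending = new Set(); // DownloadItems that have not emitted 'done'
  let closing = false;

  ses.on('will-download', (event, item) => {
    if (closing) {
      event.preventDefault(); // refuse new downloads once teardown has begun
      return;
    }
    pending.add(item);
    // 'done' fires when the item reaches a terminal state.
    item.once('done', () => pending.delete(item));
  });

  return {
    pendingCount: () => pending.size,
    // destroySession: hypothetical app callback that releases the session.
    async teardown(destroySession) {
      closing = true;
      // Cancel every pending item and wait for each to report 'done'.
      await Promise.all([...pending].map((item) => new Promise((resolve) => {
        item.once('done', resolve);
        item.cancel();
      })));
      return destroySession();
    },
  };
}

// Constructed stand-in for a DownloadItem, for running outside Electron.
function constructedItem() {
  const item = new EventEmitter();
  item.state = 'progressing';
  item.cancel = () => {
    item.state = 'cancelled';
    item.emit('done', {}, 'cancelled');
  };
  return item;
}
```

In an application, call `guardSessionDownloads(ses)` once per session at creation time and route every teardown path through `teardown()`. This covers the workaround only; updating to a fixed Electron version remains the fix.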

Fix

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2026-34772
GHSA-9W97-2464-8783

Affected Products

Electron