PT-2026-30005 · Electron · Electron

Published 2026-04-03 · Updated 2026-04-04 · CVE-2026-34775

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Electron versions prior to 38.8.6, 39.8.4, 40.8.4, and 41.0.0

Description

Electron, a framework for building cross-platform desktop applications, had an issue where the nodeIntegrationInWorker webPreference was not correctly scoped. In specific process-sharing situations, workers started in frames with nodeIntegrationInWorker: false could still gain Node.js integration. Applications are only at risk if they have enabled nodeIntegrationInWorker.

Recommendations

Versions prior to 38.8.6 should be updated to version 38.8.6 or later. Versions prior to 39.8.4 should be updated to version 39.8.4 or later. Versions prior to 40.8.4 should be updated to version 40.8.4 or later. Versions prior to 41.0.0 should be updated to version 41.0.0 or later. Avoid enabling nodeIntegrationInWorker in applications that also open child windows or embed content with different webPreferences.
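
The affected-version list and the nodeIntegrationInWorker precondition above can be combined into a quick audit of an application. The following is an added example, not code from the advisory or the Electron project; the function names, the source-text heuristic and the sample input are assumptions made for illustration.

```javascript
// Added example (not Electron project code). Fixed versions are taken from the advisory text.
const FIXED_BY_MAJOR = { 38: [38, 8, 6], 39: [39, 8, 4], 40: [40, 8, 4], 41: [41, 0, 0] };

// Parse an exact version such as "39.8.3" or "v41.0.0-beta.2"; ranges ("^39.0.0") return null.
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(String(text).trim());
  return m ? { parts: [+m[1], +m[2], +m[3]], prerelease: Boolean(m[4]) } : null;
}

// true = older than the fix for its release line, false = fixed, null = cannot tell.
function isAffectedVersion(text) {
  const v = parseVersion(text);
  if (!v) return null;
  const major = v.parts[0];
  if (major < 38) return true;   // prior to 38.8.6
  if (major > 41) return false;  // later than 41.0.0
  const fixed = FIXED_BY_MAJOR[major];
  for (let i = 0; i < 3; i++) {
    if (v.parts[i] !== fixed[i]) return v.parts[i] < fixed[i];
  }
  // Assumption: semver ordering, so a pre-release of the fixed version precedes it.
  return v.prerelease;
}

// Heuristic (assumption): a literal `nodeIntegrationInWorker: true` in the source text.
function enablesWorkerNodeIntegration(source) {
  return /\bnodeIntegrationInWorker\b['"]?\s*:\s*true\b/.test(source);
}

// Combine both conditions: the advisory says only apps that enable the option are at risk.
function assess(electronVersion, sources) {
  const affected = isAffectedVersion(electronVersion);
  if (affected === null) return 'unknown-version';
  if (!affected) return 'fixed-version';
  return sources.some(enablesWorkerNodeIntegration)
    ? 'at-risk'
    : 'affected-version-option-not-enabled';
}

// Constructed sample input: a main-process snippet that enables the option.
const sampleMain = `
  const win = new BrowserWindow({
    webPreferences: { nodeIntegrationInWorker: true, contextIsolation: true }
  });`;
console.log(assess('39.8.3', [sampleMain]));
```

The source check only finds literal assignments; an option set through a variable or spread object needs manual review.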

Related Identifiers

CVE-2026-34775
GHSA-XWR5-M59H-VWQR

Affected Products

Electron