PT-2026-30006 · Electron · Electron
Published: 2026-04-03 · Updated: 2026-04-27
CVE-2026-34776
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Electron versions prior to 38.8.6, 39.8.1, 40.8.1, and 41.0.0
Description
Electron applications calling app.requestSingleInstanceLock() on macOS and Linux were susceptible to an out-of-bounds heap read when processing a specially crafted second-instance message. This could lead to memory leakage delivered to the app's second-instance event handler. The issue is confined to processes running under the same user account as the Electron application. Applications not utilizing app.requestSingleInstanceLock() are not affected. Windows is not impacted by this issue.
Recommendations
Update to Electron version 38.8.6 or later
Update to Electron version 39.8.1 or later
Update to Electron version 40.8.1 or later
Update to Electron version 41.0.0 or later
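The affected-version, platform and API conditions in this advisory can be combined into one triage check. This is an added example, not code from Electron or from the advisory; the function names, the regex source scan (a heuristic) and the treatment of prereleases as prior to 41.0.0 are assumptions.

```javascript
// Added triage helper; not code from Electron or from this advisory's publisher.
// First fixed release per release line, as listed in the advisory.
const FIXED = { 38: [38, 8, 6], 39: [39, 8, 1], 40: [40, 8, 1], 41: [41, 0, 0] };
// process.platform values for the platforms the advisory names as affected.
const AFFECTED_PLATFORMS = new Set(['darwin', 'linux']);

// Parse "39.8.0" or "41.0.0-beta.3" into numeric parts plus a prerelease flag.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable Electron version: ${v}`);
  return { parts: m.slice(1, 4).map(Number), prerelease: Boolean(m[4]) };
}

// True when the version predates the fix for its release line.
function isVulnerableVersion(version) {
  const { parts, prerelease } = parseVersion(version);
  if (parts[0] < 38) return true;          // older than every fixed release
  const fixed = FIXED[parts[0]];
  if (!fixed) return false;                // newer line than 41.x
  for (let i = 1; i < 3; i++) {
    if (parts[i] !== fixed[i]) return parts[i] < fixed[i];
  }
  return prerelease;                       // assumption: 41.0.0-beta.N sorts before 41.0.0
}

// Cheap static signal (heuristic): does the app source call the lock API?
function callsSingleInstanceLock(source) {
  return /\brequestSingleInstanceLock\s*\(/.test(source);
}

// Combine the three conditions from the advisory into one verdict.
function triage({ electronVersion, platform, mainSource }) {
  if (!AFFECTED_PLATFORMS.has(platform)) {
    return { affected: false, reason: 'platform not listed as affected' };
  }
  if (!callsSingleInstanceLock(mainSource)) {
    return { affected: false, reason: 'app.requestSingleInstanceLock() not called' };
  }
  if (!isVulnerableVersion(electronVersion)) {
    return { affected: false, reason: 'Electron version already contains the fix' };
  }
  const line = FIXED[parseVersion(electronVersion).parts[0]] || FIXED[38];
  return { affected: true, reason: `update to ${line.join('.')} or later` };
}

// Constructed sample input.
const SAMPLE_MAIN = "if (!app.requestSingleInstanceLock()) app.quit();";
```

Call triage() with the version from the app's installed electron package, process.platform, and the main-process source text.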
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Electron