PT-2026-38647 · Electerm · Electerm

Osageling · Published 2026-05-08 · Updated 2026-05-14

CVE-2026-43941

CVSS v3.1: 9.6 Critical
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Electerm versions prior to 3.8.16
Description: The terminal hyperlink handler passes any URL clicked in the terminal straight to Electron's shell.openExternal without validating its protocol. shell.openExternal hands the URI to the operating system's default handler for that scheme, so whoever writes the link chooses which handler runs. An attacker who controls terminal output (a malicious SSH server, a compromised remote host, or a malicious plugin) can therefore have arbitrary code executed or local files opened if the victim clicks a crafted link: schemes with dangerous handlers such as ms-msdt: and search-ms: can be triggered, and file:// URLs and UNC paths can open local files or network shares, leaking NTLM hashes or exfiltrating data.
Recommendations: At the time of writing there is no information about a release that contains a fix for this vulnerability. Do not click links displayed in terminal sessions connected to untrusted servers. Disable hyperlink rendering in the terminal settings. Run the software in a restricted environment (a sandbox, or an AppArmor or SELinux profile) that limits which protocol handlers it can spawn.
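The protocol check the description says is missing, shown as an added illustration beside the vulnerable pattern. This is not Electerm's code: the function names, the allowed-scheme list and the sample links are assumptions made for the example, and the opener is passed in as a parameter so the code runs without Electron.

```javascript
// Added example, not Electerm's handler. Demonstrates why an unvalidated
// shell.openExternal is dangerous and what an allowlist looks like.
// Uses Node's global WHATWG URL parser; no Electron import is needed.

// Only schemes the OS hands to a browser or mail client. Everything else
// (file:, ms-msdt:, search-ms:, javascript:, custom handlers) is refused.
// The exact list is an assumption for this example.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "mailto:"]);

// Returns true only for links that are safe to hand to an external opener.
function isSafeExternalUrl(raw) {
  if (typeof raw !== "string") return false;
  const s = raw.trim();
  // UNC paths (\\server\share) and protocol-relative //server/share are not
  // valid absolute URLs, but Windows' ShellExecute will still open them and
  // authenticate to the share, so reject them before parsing.
  if (s.startsWith("\\\\") || s.startsWith("//")) return false;
  let u;
  try {
    u = new URL(s); // throws for relative paths and bare words
  } catch {
    return false;
  }
  // URL normalises the scheme to lower case, so "HTTPS://" is handled too.
  if (!ALLOWED_PROTOCOLS.has(u.protocol)) return false;
  // Embedded credentials (http://user:pw@host) are a phishing trick; refuse.
  if (u.username || u.password) return false;
  return true;
}

// Vulnerable pattern as the advisory describes it: whatever the terminal
// rendered as a link goes straight to the OS default handler.
function openLinkUnsafe(raw, openExternal) {
  openExternal(raw);
  return true;
}

// Hardened pattern: validate first; returns false when the link was refused
// so the caller can log or warn instead of silently dropping it.
function openLinkSafe(raw, openExternal) {
  if (!isSafeExternalUrl(raw)) return false;
  openExternal(raw);
  return true;
}

// Constructed sample links of the kinds the description lists.
const SAMPLE_LINKS = [
  "https://example.com/docs",
  "HTTPS://Example.com/",
  "file:///etc/passwd",
  "\\\\attacker.example\\share\\payload",
  "ms-msdt:/id PCWDiagnostic",
  "search-ms:query=secret",
  "http://admin:hunter2@example.com/",
  "javascript:alert(1)",
];

// Stand-alone demo: prints the decision for each constructed link.
for (const link of SAMPLE_LINKS) {
  console.log(isSafeExternalUrl(link) ? "allow " : "refuse", link);
}
```

In a real Electron app the opener argument would be electron's shell.openExternal; keeping it a parameter here is what makes the check testable in isolation.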

Weakness Enumeration

Open Redirect

Argument Injection

Related Identifiers

CVE-2026-43941
GHSA-FWF6-J56G-M97C

Affected Products

Electerm