PT-2026-38649 · Electerm

Osageling · Published 2026-05-08 · Updated 2026-05-08 · CVE-2026-43943

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: electerm versions prior to 3.7.9
Description: A remote code execution issue exists in the SFTP "open with system editor" or "Edit with custom editor" features. The application passes the filename directly into a command line without sanitization. An attacker controlling the SSH server or the user's operating system can craft a filename containing shell metacharacters. When a victim attempts to edit such a file, the injected commands are executed on the local machine with the user's privileges, potentially allowing the installation of malware or lateral movement within a network.
Recommendations: Update to version 3.7.9 or later. Refrain from using the "open with system editor" or "Edit with custom editor" features when connected to untrusted or unfamiliar SSH servers. Use the built-in editor for viewing files. Ensure connections are established exclusively with trusted servers and perform rigorous filename validation before editing.

Fix

Weakness Enumeration
OS Command Injection
Argument Injection

Related Identifiers
CVE-2026-43943
GHSA-Q4P8-8J9M-8HXJ

Affected Products
Electerm