PT-2026-38650 · Electerm · Electerm

Curly-Haired-Baboon · Published 2026-05-08 · Updated 2026-05-14 · CVE-2026-43944

CVSS v3.1: 9.6 (Critical)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

electerm versions 3.0.6 through 3.8.14

Description

Arbitrary local code execution can occur via deep links, CLI --opts, or crafted shortcuts. This happens when a user clicks a crafted electerm://... link or opens a crafted shortcut or command that launches the application with attacker-controlled opts.

Recommendations

Update to version 3.8.15. Disable or unregister electerm protocol handlers (Deep Link settings) and avoid clicking electerm:// links. Avoid running the application with untrusted --opts arguments or opening .lnk or .desktop files from untrusted sources. Restrict which users can launch the application on shared machines and avoid installing it in locations reachable by other users. Run the application in a confined account or sandbox (non-admin user) to reduce impact.

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2026-43944
GHSA-MPM8-CX2P-626Q

Affected Products

Electerm