PT-2026-41157 · Electerm+1 · Electerm

Curly-Haired-Baboon

Published

2026-05-14

Updated

2026-06-01

CVE-2026-45058

CVSS v4.0

9.4

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions electerm versions prior to 3.8.9

Description Persistent local-pty code execution is possible through the import of bookmark JSON files or compromised synchronization targets such as gist or WebDAV. An attacker can inject exec* fields or global configuration settings to trigger remote code execution when a bookmark is opened or when synchronization is applied.

Recommendations Avoid importing unsafe data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficient Verification of Data Authenticity

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345CWE-94CWE-494CWE-915

Related Identifiers

CVE-2026-45058

GHSA-JGG9-RW32-44PJ

Affected Products

Electerm

PT-2026-41157 · Electerm+1 · Electerm

CVE-2026-45058

Weakness Enumeration

Related Identifiers

Affected Products

References · 7