PT-2026-41182 · Electerm+1 · Electerm

Curly-Haired-Baboon · Published 2026-05-14 · Updated 2026-06-03 · CVE-2026-45353

CVSS v4.0: 9.3 Critical

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions

electerm versions 3.0.6 through 3.8.8

Description

A local code execution issue exists where any process running under the same user can send a JSON payload to the single-instance socket or pipe of the application. This allows an attacker to create tabs and potentially spawn local processes under their control without requiring user interface interaction. This affects installations configured as single-instance on the machine.

Recommendations

Update to version 3.9.0. Avoid running unsafe commands as a workaround.

Fix

RCE

Code Injection

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2026-45353
GHSA-7P5M-V798-F8VV

Affected Products

Electerm