PT-2026-41204 · Electerm+1 · Electerm

Curly-Haired-Baboon · Published 2026-05-14 · Updated 2026-06-03 · CVE-2026-45787

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: electerm versions prior to 3.9.5

Description: The sync feature encrypts data insecurely: it uses deterministic AES-192-CBC with a fixed all-zero IV (Initialization Vector), a constant KDF (Key Derivation Function) salt, and no MAC (Message Authentication Code). As a result, synced bookmark and profile data loses both confidentiality and integrity. Because the salt is constant and the encryption is deterministic, attackers can crack common passwords across different installations, and because nothing authenticates the ciphertext, they can perform undetected ciphertext bit-flips that alter configurations and bookmarks.

Recommendations: Update to version 3.9.5.

Fix

Inadequate Encryption Strength


Related Identifiers

CVE-2026-45787
GHSA-G29V-Q6H7-76WH

Affected Products

Electerm