{"url":"http://public2.vulnerablecode.io/api/packages/375955?format=json","purl":"pkg:npm/electerm@3.8.8","type":"npm","namespace":"","name":"electerm","version":"3.8.8","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.9.5","latest_non_vulnerable_version":"3.9.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65576?format=json","vulnerability_id":"VCID-2pth-1pbz-q7a1","summary":"electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal output (e.g., via a malicious SSH server, compromised remote host, or malicious plugin rendering terminal content) can thus achieve arbitrary code execution or local file access on the victim's machine, requiring only that the victim clicks a displayed link. At time of publication, there are no publicly available patches.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43941","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06743","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06726","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06734","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06754","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43941"},{"reference_url":"https://github.com/electerm/electerm","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electerm/electerm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43941","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43941"},{"reference_url":"https://github.com/advisories/GHSA-fwf6-j56g-m97c","reference_id":"GHSA-fwf6-j56g-m97c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fwf6-j56g-m97c"},{"reference_url":"https://github.com/electerm/electerm/security/advisories/GHSA-fwf6-j56g-m97c","reference_id":"GHSA-fwf6-j56g-m97c","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-08T14:34:47Z/"}],"url":"https://github.com/electerm/electerm/security/advisories/GHSA-fwf6-j56g-m97c"}],"fixed_packages":[],"aliases":["CVE-2026-43941","GHSA-fwf6-j56g-m97c"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2pth-1pbz-q7a1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69993?format=json","vulnerability_id":"VCID-bsue-h9tr-2bbc","summary":"electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8,  This vulnerability is fixed in 3.9.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45353","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05996","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06006","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0602","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06012","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45353"},{"reference_url":"https://github.com/electerm/electerm","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electerm/electerm"},{"reference_url":"https://github.com/electerm/electerm/commit/0599e67069b00e376a2e962649aaad6096e63507","reference_id":"0599e67069b00e376a2e962649aaad6096e63507","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T19:27:17Z/"}],"url":"https://github.com/electerm/electerm/commit/0599e67069b00e376a2e962649aaad6096e63507"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45353","reference_id":"CVE-2026-45353","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45353"},{"reference_url":"https://github.com/advisories/GHSA-7p5m-v798-f8vv","reference_id":"GHSA-7p5m-v798-f8vv","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7p5m-v798-f8vv"},{"reference_url":"https://github.com/electerm/electerm/security/advisories/GHSA-7p5m-v798-f8vv","reference_id":"GHSA-7p5m-v798-f8vv","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T19:27:17Z/"}],"url":"https://github.com/electerm/electerm/security/advisories/GHSA-7p5m-v798-f8vv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376093?format=json","purl":"pkg:npm/electerm@3.9.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electerm@3.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/375811?format=json","purl":"pkg:npm/electerm@3.9.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electerm@3.9.5"}],"aliases":["CVE-2026-45353","GHSA-7p5m-v798-f8vv"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bsue-h9tr-2bbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65561?format=json","vulnerability_id":"VCID-c2ky-2na3-ubh3","summary":"electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants() IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. The data is stored as window.pre.env and is accessible from any JavaScript running in the renderer (e.g., via the DevTools console or a compromised webview context). An attacker who achieves any JavaScript execution within the renderer can trivially exfiltrate these secrets to a remote server, leading to cloud account compromise, supply chain attacks, and lateral movement. At time of publication, there are no publicly available patches.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43942","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00196","published_at":"2026-06-13T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00197","published_at":"2026-06-11T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00195","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43942"},{"reference_url":"https://github.com/electerm/electerm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electerm/electerm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43942","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43942"},{"reference_url":"https://github.com/advisories/GHSA-37j4-88rp-2f6h","reference_id":"GHSA-37j4-88rp-2f6h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-37j4-88rp-2f6h"},{"reference_url":"https://github.com/electerm/electerm/security/advisories/GHSA-37j4-88rp-2f6h","reference_id":"GHSA-37j4-88rp-2f6h","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T23:09:35Z/"}],"url":"https://github.com/electerm/electerm/security/advisories/GHSA-37j4-88rp-2f6h"}],"fixed_packages":[],"aliases":["CVE-2026-43942","GHSA-37j4-88rp-2f6h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c2ky-2na3-ubh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69895?format=json","vulnerability_id":"VCID-tky5-4uvt-9ucd","summary":"electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alter config/bookmarks. This vulnerability is fixed in 3.9.5.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45787","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00746","published_at":"2026-06-11T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00749","published_at":"2026-06-14T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00743","published_at":"2026-06-12T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00745","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45787"},{"reference_url":"https://github.com/electerm/electerm","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electerm/electerm"},{"reference_url":"https://github.com/electerm/electerm/releases/tag/v3.9.5","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electerm/electerm/releases/tag/v3.9.5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45787","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45787"},{"reference_url":"https://github.com/electerm/electerm/commit/9dd8295e37d53396b980cd45dfc5ed11ad79b937","reference_id":"9dd8295e37d53396b980cd45dfc5ed11ad79b937","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T15:29:07Z/"}],"url":"https://github.com/electerm/electerm/commit/9dd8295e37d53396b980cd45dfc5ed11ad79b937"},{"reference_url":"https://github.com/advisories/GHSA-g29v-q6h7-76wh","reference_id":"GHSA-g29v-q6h7-76wh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g29v-q6h7-76wh"},{"reference_url":"https://github.com/electerm/electerm/security/advisories/GHSA-g29v-q6h7-76wh","reference_id":"GHSA-g29v-q6h7-76wh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T15:29:07Z/"}],"url":"https://github.com/electerm/electerm/security/advisories/GHSA-g29v-q6h7-76wh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375811?format=json","purl":"pkg:npm/electerm@3.9.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electerm@3.9.5"}],"aliases":["CVE-2026-45787","GHSA-g29v-q6h7-76wh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tky5-4uvt-9ucd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69844?format=json","vulnerability_id":"VCID-ydrw-nwxu-6kc8","summary":"electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured (gist/WebDAV). The attacker can inject exec* fields or global config to cause remote code to run when a bookmark is opened or when sync is applied.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45058","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15014","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14985","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14894","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15013","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45058"},{"reference_url":"https://github.com/electerm/electerm","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electerm/electerm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45058","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45058"},{"reference_url":"https://github.com/advisories/GHSA-jgg9-rw32-44pj","reference_id":"GHSA-jgg9-rw32-44pj","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jgg9-rw32-44pj"},{"reference_url":"https://github.com/electerm/electerm/security/advisories/GHSA-jgg9-rw32-44pj","reference_id":"GHSA-jgg9-rw32-44pj","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-30T02:03:52Z/"}],"url":"https://github.com/electerm/electerm/security/advisories/GHSA-jgg9-rw32-44pj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1066809?format=json","purl":"pkg:npm/electerm@3.8.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2pth-1pbz-q7a1"},{"vulnerability":"VCID-bsue-h9tr-2bbc"},{"vulnerability":"VCID-c2ky-2na3-ubh3"},{"vulnerability":"VCID-tky5-4uvt-9ucd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electerm@3.8.15"}],"aliases":["CVE-2026-45058","GHSA-jgg9-rw32-44pj"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ydrw-nwxu-6kc8"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65535?format=json","vulnerability_id":"VCID-scya-q5rb-hfbm","summary":"electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or opening a crafted shortcut/command that launches electerm with attacker-controlled opts. This issue has been patched in version 3.8.15.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43944","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36919","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36905","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36712","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36891","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43944"},{"reference_url":"https://github.com/electerm/electerm","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electerm/electerm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43944","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43944"},{"reference_url":"https://github.com/electerm/electerm/commit/0599e67069b00e376a2e962649aaad6096e63507","reference_id":"0599e67069b00e376a2e962649aaad6096e63507","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:06:05Z/"}],"url":"https://github.com/electerm/electerm/commit/0599e67069b00e376a2e962649aaad6096e63507"},{"reference_url":"https://github.com/electerm/electerm/commit/8a6a17951e96d715f5a231532bbd8303fe208700","reference_id":"8a6a17951e96d715f5a231532bbd8303fe208700","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:06:05Z/"}],"url":"https://github.com/electerm/electerm/commit/8a6a17951e96d715f5a231532bbd8303fe208700"},{"reference_url":"https://github.com/electerm/electerm/commit/a79e06f4a1f0ac6376c3d2411ef4690fa0377742","reference_id":"a79e06f4a1f0ac6376c3d2411ef4690fa0377742","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:06:05Z/"}],"url":"https://github.com/electerm/electerm/commit/a79e06f4a1f0ac6376c3d2411ef4690fa0377742"},{"reference_url":"https://github.com/advisories/GHSA-mpm8-cx2p-626q","reference_id":"GHSA-mpm8-cx2p-626q","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mpm8-cx2p-626q"},{"reference_url":"https://github.com/electerm/electerm/security/advisories/GHSA-mpm8-cx2p-626q","reference_id":"GHSA-mpm8-cx2p-626q","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:06:05Z/"}],"url":"https://github.com/electerm/electerm/security/advisories/GHSA-mpm8-cx2p-626q"},{"reference_url":"https://github.com/electerm/electerm/releases/tag/v3.8.15","reference_id":"v3.8.15","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:06:05Z/"}],"url":"https://github.com/electerm/electerm/releases/tag/v3.8.15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375955?format=json","purl":"pkg:npm/electerm@3.8.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2pth-1pbz-q7a1"},{"vulnerability":"VCID-bsue-h9tr-2bbc"},{"vulnerability":"VCID-c2ky-2na3-ubh3"},{"vulnerability":"VCID-tky5-4uvt-9ucd"},{"vulnerability":"VCID-ydrw-nwxu-6kc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electerm@3.8.8"}],"aliases":["CVE-2026-43944","GHSA-mpm8-cx2p-626q"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-scya-q5rb-hfbm"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electerm@3.8.8"}