Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-2pth-1pbz-q7a1
Vulnerability ID VCID-2pth-1pbz-q7a1
Aliases CVE-2026-43941
GHSA-fwf6-j56g-m97c
Summary electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal output (e.g., via a malicious SSH server, compromised remote host, or malicious plugin rendering terminal content) can thus achieve arbitrary code execution or local file access on the victim's machine, requiring only that the victim clicks a displayed link. At time of publication, there are no publicly available patches.
Status Published
Exploitability 0.5
Weighted Severity 8.6
Risk 4.3
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00023 https://api.first.org/data/v1/epss?cve=CVE-2026-43941
epss 0.00023 https://api.first.org/data/v1/epss?cve=CVE-2026-43941
epss 0.00023 https://api.first.org/data/v1/epss?cve=CVE-2026-43941
epss 0.00023 https://api.first.org/data/v1/epss?cve=CVE-2026-43941
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-fwf6-j56g-m97c
cvssv3.1 8.8 https://github.com/electerm/electerm
generic_textual HIGH https://github.com/electerm/electerm
cvssv3.1 8.8 https://github.com/electerm/electerm/security/advisories/GHSA-fwf6-j56g-m97c
cvssv3.1 9.6 https://github.com/electerm/electerm/security/advisories/GHSA-fwf6-j56g-m97c
cvssv3.1_qr HIGH https://github.com/electerm/electerm/security/advisories/GHSA-fwf6-j56g-m97c
generic_textual HIGH https://github.com/electerm/electerm/security/advisories/GHSA-fwf6-j56g-m97c
ssvc Track https://github.com/electerm/electerm/security/advisories/GHSA-fwf6-j56g-m97c
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2026-43941
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2026-43941
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2026-43941
https://github.com/electerm/electerm
https://nvd.nist.gov/vuln/detail/CVE-2026-43941
GHSA-fwf6-j56g-m97c https://github.com/advisories/GHSA-fwf6-j56g-m97c
GHSA-fwf6-j56g-m97c https://github.com/electerm/electerm/security/advisories/GHSA-fwf6-j56g-m97c
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/electerm/electerm
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/electerm/electerm/security/advisories/GHSA-fwf6-j56g-m97c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://github.com/electerm/electerm/security/advisories/GHSA-fwf6-j56g-m97c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-08T14:34:47Z/ Found at https://github.com/electerm/electerm/security/advisories/GHSA-fwf6-j56g-m97c
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2026-43941
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.06734
EPSS Score 0.00023
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T16:41:21.175777+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2026/43xxx/CVE-2026-43941.json 38.6.0