Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-pdz4-dhj4-d7fh
Vulnerability ID VCID-pdz4-dhj4-d7fh
Aliases CVE-2018-1000006
GHSA-w222-53c6-c86p
Summary Remote Code Execution (Windows) GitHub Electron has a vulnerability in the protocol handler.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.92322 https://api.first.org/data/v1/epss?cve=CVE-2018-1000006
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-w222-53c6-c86p
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2018-1000006
https://electronjs.org/blog/protocol-handler-fix
https://github.com/electron/electron/releases/tag/v1.8.2-beta.4
https://medium.com/@Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374
https://www.exploit-db.com/exploits/43899/
https://www.exploit-db.com/exploits/44357/
https://www.npmjs.com/advisories/563
http://www.securityfocus.com/bid/102796
CVE-2018-1000006 https://nvd.nist.gov/vuln/detail/CVE-2018-1000006
GHSA-w222-53c6-c86p https://github.com/advisories/GHSA-w222-53c6-c86p
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.99737
EPSS Score 0.92322
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:53:23.093094+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/electron/CVE-2018-1000006.yml 38.6.0