VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-rcpz-szwh-h7gk

Essentials
Severities (32)
References (11)
Severity details (20)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-rcpz-szwh-h7gk
Aliases	CVE-2026-34765 GHSA-f3pv-wv63-48x8
Summary	Electron: Named window.open targets not scoped to the opener's browsing context
Status	Published
Exploitability	0.5
Weighted Severity	6.4
Risk	3.2
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-668	Exposure of Resource to Wrong Sphere
CWE-653	Improper Isolation or Compartmentalization

System	Score	Found at
cvssv3	7.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2026-34765
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2026-34765
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2026-34765
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2026-34765
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2026-34765
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2026-34765
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2026-34765
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2026-34765
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2026-34765
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2026-34765
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2026-34765
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2026-34765
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-f3pv-wv63-48x8
cvssv3.1	6.0	https://github.com/electron/electron
generic_textual	MODERATE	https://github.com/electron/electron
cvssv3.1	6.0	https://github.com/electron/electron/releases/tag/v39.8.5
generic_textual	MODERATE	https://github.com/electron/electron/releases/tag/v39.8.5
cvssv3.1	6.0	https://github.com/electron/electron/releases/tag/v40.8.5
generic_textual	MODERATE	https://github.com/electron/electron/releases/tag/v40.8.5
cvssv3.1	6.0	https://github.com/electron/electron/releases/tag/v41.1.0
generic_textual	MODERATE	https://github.com/electron/electron/releases/tag/v41.1.0
cvssv3.1	6.0	https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5
generic_textual	MODERATE	https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5
cvssv3.1	6	https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8
cvssv3.1	6.0	https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8
cvssv3.1_qr	MODERATE	https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8
generic_textual	MODERATE	https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8
ssvc	Track	https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8
ssvc	Track	https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8
cvssv3.1	6.0	https://nvd.nist.gov/vuln/detail/CVE-2026-34765
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2026-34765

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json
		https://api.first.org/data/v1/epss?cve=CVE-2026-34765
		https://github.com/electron/electron
		https://github.com/electron/electron/releases/tag/v39.8.5
		https://github.com/electron/electron/releases/tag/v40.8.5
		https://github.com/electron/electron/releases/tag/v41.1.0
		https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5
		https://nvd.nist.gov/vuln/detail/CVE-2026-34765
2456278		https://bugzilla.redhat.com/show_bug.cgi?id=2456278
GHSA-f3pv-wv63-48x8		https://github.com/advisories/GHSA-f3pv-wv63-48x8
GHSA-f3pv-wv63-48x8		https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://github.com/electron/electron

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://github.com/electron/electron/releases/tag/v39.8.5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://github.com/electron/electron/releases/tag/v40.8.5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://github.com/electron/electron/releases/tag/v41.1.0

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:56:10Z/ Found at https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T14:30:47Z/ Found at https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2026-34765

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.06084
EPSS Score	0.00022
Published At	April 21, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-07T21:20:04.784231+00:00	GHSA Importer	Import	https://github.com/advisories/GHSA-f3pv-wv63-48x8	38.1.0