CVE-2026-45058

Source
https://cve.org/CVERecord?id=CVE-2026-45058
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45058.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-45058
Aliases
Published
2026-05-28T17:20:41.799Z
Modified
2026-07-08T08:13:30.350755504Z
Severity
  • 9.4 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator
Summary
electerm: Import unsafe bookmark data could lead to unsafe operation when click local type bookmark
Details

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured (gist/WebDAV). The attacker can inject exec* fields or global config to cause remote code to run when a bookmark is opened or when sync is applied.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45058.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-345",
        "CWE-494",
        "CWE-915",
        "CWE-94"
    ]
}
References

Affected packages

Git / github.com/electerm/electerm

Affected ranges

Type
GIT
Repo
https://github.com/electerm/electerm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.8.8"
        }
    ]
}

Affected versions

1.*
1.10.0
1.13.4
2.*
2.4.35
v0.*
v0.0.1
v0.1.0
v0.10.0
v0.11.0
v0.11.1
v0.12.0
v0.13.1
v0.13.2
v0.13.3
v0.14.1
v0.14.2
v0.14.3
v0.14.4
v0.14.8
v0.15.0
v0.15.10
v0.15.3
v0.15.6
v0.16.0
v0.16.1
v0.16.22
v0.16.24
v0.16.25
v0.16.26
v0.16.27
v0.16.28
v0.16.29
v0.16.30
v0.17.0
v0.17.3
v0.18.0
v0.18.4
v0.18.5
v0.18.6
v0.18.7
v0.19.0
v0.19.1
v0.19.12
v0.19.6
v0.19.8
v0.2.0
v0.2.1
v0.2.3
v0.20.0
v0.20.1
v0.20.6
v0.20.9
v0.21.10
v0.21.13
v0.21.14
v0.21.4
v0.21.7
v0.22.0
v0.22.1
v0.22.11
v0.22.14
v0.22.17
v0.22.18
v0.22.2
v0.22.21
v0.22.23
v0.22.24
v0.22.3
v0.22.4
v0.22.6
v0.22.9
v0.23.10
v0.23.11
v0.23.12
v0.23.16
v0.23.18
v0.23.20
v0.23.21
v0.23.24
v0.23.29
v0.23.32
v0.23.41
v0.23.5
v0.23.8
v0.23.9
v0.24.1
v0.24.11
v0.24.16
v0.24.20
v0.24.23
v0.24.25
v0.24.26
v0.24.28
v0.24.3
v0.24.32
v0.24.33
v0.24.35
v0.24.36
v0.24.39
v0.24.4
v0.24.45
v0.24.5
v0.24.9
v0.25.0
v0.25.1
v0.25.18
v0.25.21
v0.25.39
v0.25.41
v0.25.48
v0.25.56
v0.25.60
v0.25.61
v0.25.65
v0.25.66
v0.25.9
v0.26.10
v0.26.12
v0.26.14
v0.26.18
v0.26.2
v0.26.20
v0.26.21
v0.26.22
v0.26.23
v0.26.24
v0.26.27
v0.26.31
v0.26.38
v0.26.40
v0.26.43
v0.26.44
v0.26.46
v0.26.47
v0.26.51
v0.26.54
v0.26.55
v0.26.57
v0.26.59
v0.26.62
v0.26.63
v0.26.67
v0.26.71
v0.26.73
v0.26.75
v0.26.76
v0.26.9
v0.27.0
v0.27.100
v0.27.105
v0.27.11
v0.27.12
v0.27.20
v0.27.22
v0.27.25
v0.27.27
v0.27.34
v0.27.37
v0.27.44
v0.27.48
v0.27.5
v0.27.50
v0.27.52
v0.27.53
v0.27.57
v0.27.60
v0.27.63
v0.27.65
v0.27.67
v0.27.68
v0.27.72
v0.27.74
v0.27.78
v0.27.79
v0.27.80
v0.27.82
v0.27.83
v0.27.84
v0.27.89
v0.27.97
v0.3.0
v0.3.2
v0.3.3
v0.4.0
v0.5.0
v0.6.0
v0.6.1
v0.7.0
v0.8.0
v0.8.5
v0.9.0
v0.9.5
v1.*
v1.0.0
v1.0.13
v1.0.18
v1.0.19
v1.0.21
v1.0.23
v1.0.24
v1.0.27
v1.0.28
v1.0.31
v1.0.33
v1.0.7
v1.10.13
v1.10.14
v1.10.31
v1.10.35
v1.10.39
v1.100.18
v1.100.20
v1.100.30
v1.100.46
v1.100.50
v1.100.56
v1.100.60
v1.100.8
v1.101.10
v1.101.16
v1.101.20
v1.11.0
v1.11.1
v1.11.11
v1.11.12
v1.11.13
v1.11.16
v1.11.5
v1.11.6
v1.11.8
v1.12.0
v1.12.1
v1.12.15
v1.12.19
v1.12.2
v1.12.21
v1.12.24
v1.12.6
v1.12.7
v1.12.9
v1.13.1
v1.13.3
v1.14.0
v1.15.3
v1.16.1
v1.16.11
v1.16.21
v1.16.3
v1.16.5
v1.17.15
v1.17.16
v1.17.19
v1.17.21
v1.17.26
v1.17.3
v1.18.0
v1.18.1
v1.18.5
v1.19.0
v1.19.5
v1.2.2
v1.20.10
v1.20.4
v1.20.6
v1.21.14
v1.21.18
v1.21.20
v1.21.34
v1.21.40
v1.21.48
v1.21.57
v1.21.73
v1.21.74
v1.21.88
v1.21.9
v1.21.91
v1.21.93
v1.22.1
v1.22.20
v1.22.24
v1.22.27
v1.22.30
v1.22.33
v1.22.8
v1.23.15
v1.23.2
v1.23.20
v1.23.22
v1.23.28
v1.23.3
v1.23.32
v1.23.4
v1.23.6
v1.23.8
v1.24.13
v1.25.10
v1.25.12
v1.25.14
v1.25.16
v1.25.20
v1.25.22
v1.25.30
v1.25.40
v1.25.41
v1.25.50
v1.25.6
v1.26.0
v1.26.1
v1.26.2
v1.27.19
v1.27.20
v1.27.30
v1.27.5
v1.28.0
v1.28.1
v1.28.3
v1.28.4
v1.29.2
v1.29.4
v1.29.5
v1.3.0
v1.3.1
v1.3.10
v1.3.12
v1.3.18
v1.3.2
v1.3.21
v1.3.25
v1.3.28
v1.3.31
v1.3.34
v1.3.36
v1.3.38
v1.3.4
v1.3.42
v1.3.45
v1.3.46
v1.3.49
v1.3.5
v1.3.55
v1.3.7
v1.3.8
v1.30.9
v1.31.1
v1.32.28
v1.32.38
v1.32.46
v1.32.6
v1.33.0
v1.33.26
v1.33.36
v1.33.6
v1.34.0
v1.34.10
v1.34.20
v1.34.26
v1.34.30
v1.34.38
v1.34.39
v1.34.46
v1.34.48
v1.34.58
v1.34.6
v1.34.68
v1.35.0
v1.35.6
v1.36.1
v1.37.1
v1.37.106
v1.37.110
v1.37.121
v1.37.126
v1.37.16
v1.37.20
v1.37.36
v1.37.38
v1.37.46
v1.37.58
v1.37.6
v1.37.60
v1.37.66
v1.37.68
v1.37.80
v1.37.88
v1.37.92
v1.37.93
v1.37.96
v1.38.11
v1.38.19
v1.38.30
v1.38.41
v1.38.42
v1.38.43
v1.38.50
v1.38.60
v1.38.65
v1.38.70
v1.38.8
v1.38.80
v1.38.81
v1.38.86
v1.39.103
v1.39.109
v1.39.119
v1.39.18
v1.39.2
v1.39.31
v1.39.35
v1.39.46
v1.39.47
v1.39.5
v1.39.56
v1.39.68
v1.39.76
v1.39.88
v1.39.99
v1.40.16
v1.40.18
v1.40.20
v1.40.6
v1.5.0
v1.5.13
v1.5.15
v1.5.18
v1.5.19
v1.5.4
v1.50.21
v1.50.40
v1.50.46
v1.50.59
v1.50.65
v1.50.66
v1.51.0
v1.51.18
v1.51.3
v1.51.8
v1.60.16
v1.60.29
v1.60.32
v1.60.36
v1.60.48
v1.60.50
v1.60.56
v1.60.6
v1.7.10
v1.7.17
v1.7.18
v1.70.0
v1.70.6
v1.72.18
v1.72.26
v1.72.36
v1.72.48
v1.72.6
v1.80.18
v1.80.2
v1.80.3
v1.80.5
v1.80.6
v1.9.12
v1.9.14
v1.9.19
v1.9.24
v1.9.27
v1.9.31
v1.9.7
v1.90.6
v1.90.8
v1.91.1
v1.91.16
v1.91.8
v2.*
v2.1.16
v2.1.26
v2.1.8
v2.10.26
v2.10.6
v2.11.16
v2.11.6
v2.12.0
v2.13.0
v2.13.6
v2.15.8
v2.16.9
v2.17.16
v2.17.8
v2.2.0
v2.3.100
v2.3.103
v2.3.113
v2.3.118
v2.3.126
v2.3.136
v2.3.151
v2.3.166
v2.3.176
v2.3.18
v2.3.181
v2.3.190
v2.3.191
v2.3.198
v2.3.30
v2.3.36
v2.3.48
v2.3.58
v2.3.6
v2.3.65
v2.3.75
v2.3.85
v2.4.28
v2.4.38
v2.5.16
v2.5.6
v2.5.9
v2.6.0
v2.7.8
v2.8.16
v2.8.6
v3.*
v3.0.18
v3.0.6
v3.1.16
v3.1.26
v3.1.6
v3.2.0
v3.3.8
v3.5.6
v3.6.16
v3.6.6
v3.7.16
v3.7.18
v3.7.9
v3.8.6
v3.8.8

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45058.json"