GHSA-9w97-2464-8783
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9w97-2464-8783
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-9w97-2464-8783/GHSA-9w97-2464-8783.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9w97-2464-8783
- Aliases
-
- CVE-2026-34772
- Published
- 2026-04-03T02:41:23Z
- Modified
- 2026-04-03T02:46:18.457838Z
- Severity
-
- 5.8 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L CVSS Calculator
- Summary
- Electron: Use-after-free in download save dialog callback
- Details
-
Impact
Apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption.
Apps that do not destroy sessions at runtime, or that do not permit downloads, are not affected.
Workarounds
Avoid destroying sessions while a download save dialog may be open. Cancel pending downloads before session teardown.
Fixed Versions
41.0.0-beta.740.7.039.8.038.8.6
For more information
If there are any questions or comments about this advisory, please email security@electronjs.org
- Database specific
{ "cwe_ids": [ "CWE-416" ], "github_reviewed": true, "nvd_published_at": null, "severity": "MODERATE", "github_reviewed_at": "2026-04-03T02:41:23Z" }- References
Affected packages
npm / electron
Package
- Name
- electron
- View open source insights on deps.dev
- Purl
- pkg:npm/electron
npm / electron
Package
- Name
- electron
- View open source insights on deps.dev
- Purl
- pkg:npm/electron
npm / electron
Package
- Name
- electron
- View open source insights on deps.dev
- Purl
- pkg:npm/electron
npm / electron
Package
- Name
- electron
- View open source insights on deps.dev
- Purl
- pkg:npm/electron