GHSA-jjp3-mq3x-295m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jjp3-mq3x-295m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-jjp3-mq3x-295m/GHSA-jjp3-mq3x-295m.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-jjp3-mq3x-295m
- Aliases
-
- CVE-2026-34770
- Published
- 2026-04-03T02:39:52Z
- Modified
- 2026-04-03T02:48:44.049944Z
- Severity
-
- 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Electron: Use-after-free in PowerMonitor on Windows and macOS
- Details
-
Impact
Apps that use the
powerMonitormodule may be vulnerable to a use-after-free. After the nativePowerMonitorobject is garbage-collected, the associated OS-level resources (a message window on Windows, a shutdown handler on macOS) retain dangling references. A subsequent session-change event (Windows) or system shutdown (macOS) dereferences freed memory, which may lead to a crash or memory corruption.All apps that access
powerMonitorevents (suspend,resume,lock-screen, etc.) are potentially affected. The issue is not directly renderer-controllable.Workarounds
There are no app side workarounds, you must update to a patched version of Electron.
Fixed Versions
41.0.0-beta.840.8.039.8.138.8.6
For more information
If there are any questions or comments about this advisory, please email security@electronjs.org
- Database specific
{ "cwe_ids": [ "CWE-416" ], "github_reviewed": true, "nvd_published_at": null, "severity": "HIGH", "github_reviewed_at": "2026-04-03T02:39:52Z" }- References
Affected packages
npm / electron
Package
- Name
- electron
- View open source insights on deps.dev
- Purl
- pkg:npm/electron
npm / electron
Package
- Name
- electron
- View open source insights on deps.dev
- Purl
- pkg:npm/electron
npm / electron
Package
- Name
- electron
- View open source insights on deps.dev
- Purl
- pkg:npm/electron
npm / electron
Package
- Name
- electron
- View open source insights on deps.dev
- Purl
- pkg:npm/electron