{"vulnerability": "CVE-2026-43944", "sightings": [{"uuid": "67868489-d3d5-4c98-a4a4-c1ef9f86db14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43944", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mld56ctfjr2q", "content": "CVE-2026-43944 - electerm: dangerous code can be run through links or command line\nCVE ID : CVE-2026-43944\n \n Published : May 8, 2026, 4:16 a.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. ...", "creation_timestamp": "2026-05-08T06:48:27.521589Z"}, {"uuid": "25ce00eb-f45e-4666-8c8f-6ba95a043174", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43944", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlh5fndkhb2e", "content": "\ud83d\udd34 CVE-2026-43944 - Critical (9.6)\n\nelecterm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From ve...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-43944/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-09T21:03:10.344793Z"}, {"uuid": "303744f8-2c01-4355-a322-7714641bbb5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43944", "type": "seen", "source": "https://gist.github.com/alon710/81381888e21682cdeae4882d5cd6667d", "content": "# CVE-2026-43944: CVE-2026-43944: Arbitrary Local Code Execution in electerm via Malicious Deep Links\n\n> **CVSS Score:** 9.4\n> **Published:** 2026-05-08\n> **Full Report:** https://cvereports.com/reports/CVE-2026-43944\n\n## Summary\nCVE-2026-43944 is a critical vulnerability in the electerm client that allows for arbitrary local code execution. The application insecurely parses deep link arguments and merges untrusted JSON directly into the core session configuration. This enables attackers to override internal state variables, hijacking the application's execution flow to spawn malicious local binaries.\n\n## TL;DR\nA critical flaw in electerm (< 3.8.15) allows attackers to execute arbitrary local binaries via crafted `electerm://` URIs or CLI flags. The application insecurely merges user-provided JSON payloads into the main session configuration, enabling protocol and executable hijacking.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CVSS v4.0**: 9.4 (Critical)\n- **EPSS Score**: 0.00144 (0.14%)\n- **CWE IDs**: CWE-20, CWE-94, CWE-829\n- **Attack Vector**: Network (via URI handler)\n- **Exploit Status**: Proof of Concept (PoC)\n- **Privileges Required**: None\n- **User Interaction**: Required\n\n## Affected Systems\n\n- electerm 3.0.6 - 3.8.14\n- **electerm**: >= 3.0.6, < 3.8.15 (Fixed in: `3.8.15`)\n\n## Mitigation\n\n- Upgrade electerm to version 3.8.15 or later.\n- Unregister the `electerm://` protocol handler in the operating system registry or application settings.\n- Implement Endpoint Detection and Response (EDR) rules to monitor electerm child process creation.\n- Conduct user training to prevent interaction with untrusted deep links.\n\n**Remediation Steps:**\n1. Identify all hosts running electerm versions between 3.0.6 and 3.8.14.\n2. Deploy the 3.8.15 update package via centralized endpoint management tools.\n3. Verify the update installation by checking the application version string.\n4. If patching is delayed, execute scripts to remove the `electerm://` URI handler association on affected systems.\n\n## References\n\n- [GitHub Advisory (GHSA-mpm8-cx2p-626q)](https://github.com/electerm/electerm/security/advisories/GHSA-mpm8-cx2p-626q)\n- [NVD CVE-2026-43944 Record](https://nvd.nist.gov/vuln/detail/CVE-2026-43944)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-43944) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-08T19:10:29.000000Z"}]}