CVE-2026-43943 (GCVE-0-2026-43943)
Vulnerability from cvelistv5 – Published: 2026-05-08 02:55 – Updated: 2026-05-08 14:44
VLAI?
Title
electerm: RCE via malicious SSH server filename in openFileWithEditor
Summary
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization. A malicious actor controlling the SSH server or user OS can exploit this by crafting a filename containing shell metacharacters. If a victim subsequently attempts to edit this file, the injected commands are executed on their machine with the user's privileges. This could allow the attacker to run arbitrary code, install malware, or move laterally within the network. This issue has been patched in version 3.7.9.
Severity ?
7.8 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-08T14:43:39.782780Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T14:44:16.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electerm",
"vendor": "electerm",
"versions": [
{
"status": "affected",
"version": "\u003c 3.7.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm\u0027s SFTP open with system editor or \"Edit with custom editor\" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization. A malicious actor controlling the SSH server or user OS can exploit this by crafting a filename containing shell metacharacters. If a victim subsequently attempts to edit this file, the injected commands are executed on their machine with the user\u0027s privileges. This could allow the attacker to run arbitrary code, install malware, or move laterally within the network. This issue has been patched in version 3.7.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T02:55:51.285Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electerm/electerm/security/advisories/GHSA-q4p8-8j9m-8hxj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electerm/electerm/security/advisories/GHSA-q4p8-8j9m-8hxj"
},
{
"name": "https://github.com/electerm/electerm/commit/24ce7103e264cffe6eb5476c0506a2379e6f8333",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electerm/electerm/commit/24ce7103e264cffe6eb5476c0506a2379e6f8333"
},
{
"name": "https://github.com/electerm/electerm/releases/tag/v3.7.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electerm/electerm/releases/tag/v3.7.9"
}
],
"source": {
"advisory": "GHSA-q4p8-8j9m-8hxj",
"discovery": "UNKNOWN"
},
"title": "electerm: RCE via malicious SSH server filename in openFileWithEditor"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-43943",
"datePublished": "2026-05-08T02:55:51.285Z",
"dateReserved": "2026-05-04T16:59:09.090Z",
"dateUpdated": "2026-05-08T14:44:16.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-43943",
"date": "2026-05-09",
"epss": "0.0003",
"percentile": "0.08697"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-43943\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-08T04:16:23.837\",\"lastModified\":\"2026-05-08T19:16:45.713\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm\u0027s SFTP open with system editor or \\\"Edit with custom editor\\\" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization. A malicious actor controlling the SSH server or user OS can exploit this by crafting a filename containing shell metacharacters. If a victim subsequently attempts to edit this file, the injected commands are executed on their machine with the user\u0027s privileges. This could allow the attacker to run arbitrary code, install malware, or move laterally within the network. This issue has been patched in version 3.7.9.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"},{\"lang\":\"en\",\"value\":\"CWE-88\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:electerm_project:electerm:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.7.9\",\"matchCriteriaId\":\"8598BEBB-099D-4FA5-BB96-F50CCA3387E5\"}]}]}],\"references\":[{\"url\":\"https://github.com/electerm/electerm/commit/24ce7103e264cffe6eb5476c0506a2379e6f8333\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/electerm/electerm/releases/tag/v3.7.9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/electerm/electerm/security/advisories/GHSA-q4p8-8j9m-8hxj\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-43943\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-08T14:43:39.782780Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-08T14:44:05.353Z\"}}], \"cna\": {\"title\": \"electerm: RCE via malicious SSH server filename in openFileWithEditor\", \"source\": {\"advisory\": \"GHSA-q4p8-8j9m-8hxj\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"electerm\", \"product\": \"electerm\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.7.9\"}]}], \"references\": [{\"url\": \"https://github.com/electerm/electerm/security/advisories/GHSA-q4p8-8j9m-8hxj\", \"name\": \"https://github.com/electerm/electerm/security/advisories/GHSA-q4p8-8j9m-8hxj\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/electerm/electerm/commit/24ce7103e264cffe6eb5476c0506a2379e6f8333\", \"name\": \"https://github.com/electerm/electerm/commit/24ce7103e264cffe6eb5476c0506a2379e6f8333\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/electerm/electerm/releases/tag/v3.7.9\", \"name\": \"https://github.com/electerm/electerm/releases/tag/v3.7.9\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm\u0027s SFTP open with system editor or \\\"Edit with custom editor\\\" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization. A malicious actor controlling the SSH server or user OS can exploit this by crafting a filename containing shell metacharacters. If a victim subsequently attempts to edit this file, the injected commands are executed on their machine with the user\u0027s privileges. This could allow the attacker to run arbitrary code, install malware, or move laterally within the network. This issue has been patched in version 3.7.9.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-88\", \"description\": \"CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-08T02:55:51.285Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-43943\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-08T14:44:16.203Z\", \"dateReserved\": \"2026-05-04T16:59:09.090Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-08T02:55:51.285Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-43943
Vulnerability from fkie_nvd - Published: 2026-05-08 04:16 - Updated: 2026-05-08 19:16
Severity ?
Summary
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization. A malicious actor controlling the SSH server or user OS can exploit this by crafting a filename containing shell metacharacters. If a victim subsequently attempts to edit this file, the injected commands are executed on their machine with the user's privileges. This could allow the attacker to run arbitrary code, install malware, or move laterally within the network. This issue has been patched in version 3.7.9.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electerm_project | electerm | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electerm_project:electerm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8598BEBB-099D-4FA5-BB96-F50CCA3387E5",
"versionEndExcluding": "3.7.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm\u0027s SFTP open with system editor or \"Edit with custom editor\" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization. A malicious actor controlling the SSH server or user OS can exploit this by crafting a filename containing shell metacharacters. If a victim subsequently attempts to edit this file, the injected commands are executed on their machine with the user\u0027s privileges. This could allow the attacker to run arbitrary code, install malware, or move laterally within the network. This issue has been patched in version 3.7.9."
}
],
"id": "CVE-2026-43943",
"lastModified": "2026-05-08T19:16:45.713",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-05-08T04:16:23.837",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/electerm/electerm/commit/24ce7103e264cffe6eb5476c0506a2379e6f8333"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/electerm/electerm/releases/tag/v3.7.9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/electerm/electerm/security/advisories/GHSA-q4p8-8j9m-8hxj"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
},
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
GHSA-Q4P8-8J9M-8HXJ
Vulnerability from github – Published: 2026-05-08 18:43 – Updated: 2026-05-08 18:43
VLAI?
Summary
Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor
Details
Impact
A code execution (RCE) vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization.
A malicious actor controlling the SSH server or user OS can exploit this by crafting a filename containing shell metacharacters. If a victim subsequently attempts to edit this file, the injected commands are executed on their machine with the user's privileges. This could allow the attacker to run arbitrary code, install malware, or move laterally within the network.
Patches
Fixed in version >= 3.7.9
- https://github.com/electerm/electerm/commit/24ce7103e264cffe6eb5476c0506a2379e6f8333
Workarounds
Until a patch is available, it is strongly recommended to:
- Refrain from using the open with system editor or "Edit with custom editor" feature when connected to untrusted or unfamiliar SSH servers.
- Consider using the built-in editor for viewing files, as this path may not be vulnerable to the same injection.
- If the feature must be used, ensure connections are exclusively established with trusted servers and perform rigorous filename validation before editing.
Resources
Severity ?
8.8 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.7.8"
},
"package": {
"ecosystem": "npm",
"name": "electerm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.7.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-43943"
],
"database_specific": {
"cwe_ids": [
"CWE-78",
"CWE-88"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-08T18:43:52Z",
"nvd_published_at": "2026-05-08T04:16:23Z",
"severity": "HIGH"
},
"details": "### Impact\n\nA code execution (RCE) vulnerability exists in electerm\u0027s SFTP open with system editor or \"Edit with custom editor\" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization.\n\nA malicious actor controlling the SSH server or user OS can exploit this by crafting a filename containing shell metacharacters. If a victim subsequently attempts to edit this file, the injected commands are executed on their machine with the user\u0027s privileges. This could allow the attacker to run arbitrary code, install malware, or move laterally within the network.\n\n\u003cimg width=\"1792\" height=\"817\" alt=\"1\" src=\"https://github.com/user-attachments/assets/ddf78890-e95d-4fe7-981e-f86887677e8b\" /\u003e\n\u003cimg width=\"1648\" height=\"941\" alt=\"2\" src=\"https://github.com/user-attachments/assets/cca2295b-2053-4d99-a464-be51eac2f5be\" /\u003e\n\n### Patches\n\nFixed in version \u003e= 3.7.9\n\n- https://github.com/electerm/electerm/commit/24ce7103e264cffe6eb5476c0506a2379e6f8333\n\n### Workarounds\n\nUntil a patch is available, it is strongly recommended to: \n- Refrain from using the open with system editor or \"Edit with custom editor\" feature when connected to untrusted or unfamiliar SSH servers. \n- Consider using the built-in editor for viewing files, as this path may not be vulnerable to the same injection. \n- If the feature must be used, ensure connections are exclusively established with trusted servers and perform rigorous filename validation before editing.\n\n### Resources\n\n- [electerm GitHub Repository](https://github.com/electerm/electerm)",
"id": "GHSA-q4p8-8j9m-8hxj",
"modified": "2026-05-08T18:43:52Z",
"published": "2026-05-08T18:43:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/electerm/electerm/security/advisories/GHSA-q4p8-8j9m-8hxj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43943"
},
{
"type": "WEB",
"url": "https://github.com/electerm/electerm/commit/24ce7103e264cffe6eb5476c0506a2379e6f8333"
},
{
"type": "PACKAGE",
"url": "https://github.com/electerm/electerm"
},
{
"type": "WEB",
"url": "https://github.com/electerm/electerm/releases/tag/v3.7.9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…