CVE-2026-43941
CRITICALDescription
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal output (e.g., via a malicious SSH server, compromised remote host, or malicious plugin rendering terminal content) can thus achieve arbitrary code execution or local file access on the victim's machine, requiring only that the victim clicks a displayed link. At time of publication, there are no publicly available patches.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| electerm_project | electerm |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-43941? +
How severe is CVE-2026-43941? +
What products are affected by CVE-2026-43941? +
How do I check if I'm vulnerable to CVE-2026-43941? +
Related Vulnerabilities
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior …
A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A …
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before …
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution …
Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a …
Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of `escapeshellcmd()` in `/components/codegit/traits/execute.php` allows …