Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

CVE-2026-45353 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2026-45353

CVE-2026-45353

CRITICAL9.3

electerm: Local code through electerm's single-instance socket

Published May 28, 2026

Modified 2 weeks ago

Details

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0.

References

WEB

https://github.com/electerm/electerm/commit/0599e67069b00e376a2e962649aaad6096e63507

WEB

https://github.com/electerm/electerm/security/advisories/GHSA-7p5m-v798-f8vv

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2026-45353

CVSS Analysis

CVSS v4.0

9.3

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Vulnerable System

Vuln. Confidentiality

HighVC:H

Vuln. Integrity

HighVI:H

Vuln. Availability

HighVA:H

Subsequent System

Subseq. Confidentiality

HighSC:H

Subseq. Integrity

HighSI:H

Subseq. Availability

HighSA:H

9.3/CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Weakness Type (CWE)

Configuration

CWE-732

Incorrect Permission Assignment

Injection

CWE-94

Code Injection

Other

CWE-940

Ecosystems

Timeline

PublishedMay 28, 2026

ModifiedMay 28, 2026