{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/electerm--3.0.6--3.8.15/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"id":"CVE-2026-43944"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Electerm (\u003e= 3.0.6, \u003c 3.8.15)"],"_cs_severities":["critical"],"_cs_tags":["code-execution","protocol-handler","electerm"],"_cs_type":"advisory","_cs_vendors":["Electerm"],"content_html":"\u003cp\u003eElecterm, a free and open-source terminal/ssh/sftp client, is vulnerable to arbitrary code execution. Versions 3.0.6 through 3.8.14 are susceptible to this vulnerability. An attacker can exploit this by crafting a malicious \u003ccode\u003eelecterm://\u003c/code\u003e URI or by crafting a shortcut/command that launches electerm with attacker-controlled \u003ccode\u003e--opts\u003c/code\u003e arguments. Successful exploitation requires a user to click the malicious link or open the malicious shortcut file. This vulnerability allows attackers to execute arbitrary code on the victim\u0026rsquo;s machine, potentially leading to system compromise, data theft, or other malicious activities. The vulnerability was reported by Curly-Haired-Baboon.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious \u003ccode\u003eelecterm://\u003c/code\u003e URI or a shortcut/command containing malicious \u003ccode\u003e--opts\u003c/code\u003e arguments.\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the malicious URI or shortcut/command to the victim via social engineering or other means.\u003c/li\u003e\n\u003cli\u003eThe victim clicks on the malicious \u003ccode\u003eelecterm://\u003c/code\u003e URI or opens the malicious shortcut/command.\u003c/li\u003e\n\u003cli\u003eElecterm is launched with the attacker-controlled parameters.\u003c/li\u003e\n\u003cli\u003eDue to insufficient validation of the input, the attacker\u0026rsquo;s payload is processed by Electerm.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s payload executes arbitrary code on the victim\u0026rsquo;s machine.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the compromised system, enabling them to perform malicious activities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to arbitrary code execution on the victim\u0026rsquo;s machine. This can result in a wide range of malicious activities, including but not limited to, system compromise, data theft, installation of malware, and denial of service. Given the nature of Electerm as a terminal client, attackers could potentially gain access to sensitive credentials and systems managed through the application.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Electerm to version 3.8.15 or later to patch CVE-2026-43944.\u003c/li\u003e\n\u003cli\u003eDisable or unregister electerm protocol handlers (Deep Link settings) as a workaround.\u003c/li\u003e\n\u003cli\u003eAvoid clicking \u003ccode\u003eelecterm://\u003c/code\u003e links from untrusted sources.\u003c/li\u003e\n\u003cli\u003eRefrain from running electerm with untrusted \u003ccode\u003e--opts\u003c/code\u003e arguments or opening \u003ccode\u003e.lnk\u003c/code\u003e / \u003ccode\u003e.desktop\u003c/code\u003e files from untrusted sources.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Electerm URI Protocol Handler Abuse\u0026rdquo; to identify attempts to exploit this vulnerability by monitoring process execution that involves the electerm protocol.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-08T18:46:04Z","date_published":"2026-05-08T18:46:04Z","id":"/briefs/2024-05-electerm-code-exec/","summary":"Electerm versions 3.0.6 through 3.8.14 are vulnerable to arbitrary local code execution via crafted electerm:// URIs or command-line arguments, requiring a user to click a malicious link or open a malicious shortcut file.","title":"Electerm Arbitrary Code Execution via Crafted URI or CLI Arguments","url":"https://feed.craftedsignal.io/briefs/2024-05-electerm-code-exec/"}],"language":"en","title":"CraftedSignal Threat Feed — Electerm (\u003e= 3.0.6, \u003c 3.8.15)","version":"https://jsonfeed.org/version/1.1"}