{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/electerm--3.0.6--3.8.8/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["electerm (\u003e= 3.0.6, \u003c= 3.8.8)"],"_cs_severities":["critical"],"_cs_tags":["local code execution","vulnerability"],"_cs_type":"advisory","_cs_vendors":["electerm"],"content_html":"\u003cp\u003eElecterm versions 3.0.6 through 3.8.8 are susceptible to a local code execution vulnerability (CVE-2026-45353) due to improper handling of inter-process communication. The single-instance feature of Electerm uses a socket or named pipe to communicate between instances of the application. An attacker with local access to the same user account can send a malicious JSON payload to this socket, bypassing intended security controls. This payload can instruct Electerm to create new tabs or execute arbitrary local processes, effectively granting the attacker code execution within the context of the Electerm application. This vulnerability impacts single-instance installations of Electerm and could lead to privilege escalation or data compromise if exploited.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies the Electerm single-instance socket/pipe.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious JSON payload designed to trigger code execution. This payload leverages Electerm\u0026rsquo;s inter-process communication mechanism.\u003c/li\u003e\n\u003cli\u003eThe attacker uses a separate process running under the same user account to send the malicious JSON payload to the Electerm socket/pipe.\u003c/li\u003e\n\u003cli\u003eElecterm receives the payload and, due to insufficient validation, processes the malicious instructions.\u003c/li\u003e\n\u003cli\u003eThe malicious payload instructs Electerm to create a new tab.\u003c/li\u003e\n\u003cli\u003eThe creation of the new tab triggers the execution of attacker-controlled code within the Electerm process.\u003c/li\u003e\n\u003cli\u003eThe attacker-controlled code spawns a local process. This process could be a reverse shell, a data exfiltration tool, or any other arbitrary executable.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the spawned process, achieving local code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-45353 allows a local attacker to execute arbitrary code within the context of the Electerm application. This can lead to a variety of malicious outcomes, including privilege escalation, data theft, and system compromise. The impact is limited to single-instance installations of Electerm. If successfully exploited, an attacker can potentially gain full control over the user\u0026rsquo;s session and sensitive data accessible by Electerm.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Electerm to a version greater than 3.8.8 to patch CVE-2026-45353, as indicated by the patch commit \u003ca href=\"https://github.com/electerm/electerm/commit/0599e67069b00e376a2e962649aaad6096e63507\"\u003ehttps://github.com/electerm/electerm/commit/0599e67069b00e376a2e962649aaad6096e63507\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Electerm Malicious Payload Delivery\u0026rdquo; to detect suspicious processes attempting to interact with Electerm\u0026rsquo;s single-instance socket.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for unexpected child processes spawned by Electerm, leveraging the \u0026ldquo;Detect Electerm Suspicious Child Processes\u0026rdquo; Sigma rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T20:35:52Z","date_published":"2026-05-14T20:35:52Z","id":"https://feed.craftedsignal.io/briefs/2026-05-electerm-lce/","summary":"Electerm versions 3.0.6 through 3.8.8 are vulnerable to local code execution (CVE-2026-45353) where a same-user process can send a JSON payload to the application's single-instance socket/pipe, leading to arbitrary tab creation and local process spawning.","title":"Electerm Local Code Execution via Single-Instance Socket (CVE-2026-45353)","url":"https://feed.craftedsignal.io/briefs/2026-05-electerm-lce/"}],"language":"en","title":"CraftedSignal Threat Feed — Electerm (\u003e= 3.0.6, \u003c= 3.8.8)","version":"https://jsonfeed.org/version/1.1"}