{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/electerm--3.7.16/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.4,"id":"CVE-2026-43940"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["electerm (\u003c 3.7.16)"],"_cs_severities":["critical"],"_cs_tags":["path-traversal","code-execution","electerm"],"_cs_type":"advisory","_cs_vendors":["electerm"],"content_html":"\u003cp\u003eElecterm versions before 3.7.16 are susceptible to a critical path traversal vulnerability within the \u003ccode\u003erunWidget\u003c/code\u003e function located in \u003ccode\u003esrc/app/widgets/load-widget.js\u003c/code\u003e. This function insecurely constructs file paths by concatenating user-supplied widget identifiers without proper sanitization. Successful exploitation of CVE-2026-43940 allows an attacker with JavaScript execution within the renderer process to load and execute arbitrary JavaScript files anywhere on the victim’s filesystem. This results in local code execution with the full privileges of the Electerm process, potentially leading to complete system compromise on Windows 10 and Linux systems.\nThe vulnerability was confirmed on v3.7.9, Win10.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains initial JavaScript execution within Electerm\u0026rsquo;s renderer process, possibly via a malicious plugin or XSS.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious widget identifier containing path traversal sequences (e.g., \u003ccode\u003e../\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe malicious widget identifier is passed to the \u003ccode\u003erunWidget\u003c/code\u003e function via an asynchronous IPC handler.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erunWidget\u003c/code\u003e function concatenates the unsanitized widget identifier into a file path: \u003ccode\u003ewidget-${widgetId}.js\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe resulting file path includes the path traversal sequences, allowing access to arbitrary files.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erequire()\u003c/code\u003e function attempts to load and execute the JavaScript file at the attacker-controlled path.\u003c/li\u003e\n\u003cli\u003eIf the path traversal is successful, an arbitrary JavaScript file is executed with Electerm process privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution, leading to complete system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability grants an attacker local code execution with the privileges of the Electerm process. This enables them to perform actions such as installing malware, stealing sensitive data, or compromising the entire system. The vulnerability affects Electerm users on Windows 10 and Linux systems who are running versions prior to 3.7.16.\nA successful attack could lead to complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Electerm to version 3.7.16 or later to patch CVE-2026-43940.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Electerm Widget Loading\u003c/code\u003e to your SIEM and tune for your environment to detect path traversal attempts.\u003c/li\u003e\n\u003cli\u003eEnable process creation logging on Windows and Linux systems to enhance visibility and enable the \u003ccode\u003eDetect Suspicious Electerm Widget Loading\u003c/code\u003e rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-05-09T12:00:00Z","date_published":"2024-05-09T12:00:00Z","id":"/briefs/2024-05-electerm-rce/","summary":"Electerm versions prior to 3.7.16 are vulnerable to path traversal, leading to arbitrary code execution through unsanitized widget identifiers.","title":"Electerm Path Traversal Vulnerability Leads to Arbitrary Code Execution","url":"https://feed.craftedsignal.io/briefs/2024-05-electerm-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Electerm (\u003c 3.7.16)","version":"https://jsonfeed.org/version/1.1"}