Product
Electerm is vulnerable to remote code execution (CVE-2026-45058) via maliciously crafted bookmark files or compromised sync targets, allowing attackers to inject arbitrary commands when a bookmark is opened or when a sync operation is performed.