Electron: Use-after-free in download save dialog callback_CVE-2026-34772

5.8 / 10

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

Description

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption. Apps that do not destroy sessions at runtime, or that do not permit downloads, are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8.

Basic Information

ID CVE-2026-34772

Source GitHub_M

Published Apr 3, 2026 at 23:49

Modified Apr 6, 2026 at 15:27

Affected Product

Vendor electron

Product electron

Version < 38.8.6

Affected Versions electron electron < 38.8.6
electron electron >= 39.0.0-alpha.1, < 39.8.0
electron electron >= 40.0.0-alpha.1, < 40.7.0
electron electron >= 41.0.0-alpha.1, < 41.0.0-beta.8

CWE Classification

CWE-416

References

github.com /electron/electron/security/advisories/GHSA-9w97-2464-8783

{
    "lastseen": "",
    "description": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption. Apps that do not destroy sessions at runtime, or that do not permit downloads, are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8.",
    "published": "2026-04-03T23:49:20.467Z",
    "modified": "2026-04-06T15:27:44.773Z",
    "type": "cve",
    "title": "Electron: Use-after-free in download save dialog callback",
    "source": "GitHub_M",
    "references": "https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783",
    "id": "CVE-2026-34772",
    "bulletinFamily": "",
    "cwe": [
        "CWE-416"
    ],
    "cvelist": null,
    "sourceData": "electron electron < 38.8.6\nelectron electron >= 39.0.0-alpha.1, < 39.8.0\nelectron electron >= 40.0.0-alpha.1, < 40.7.0\nelectron electron >= 41.0.0-alpha.1, < 41.0.0-beta.8",
    "sourceHref": "",
    "cvss": {
        "score": 5.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "electron",
    "version": "< 38.8.6",
    "vendor": "electron",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}