electerm: RCE via malicious SSH server filename in openFileWithEditor

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization. A malicious actor controlling the SSH server or user OS can exploit this by crafting a filename containing shell metacharacters. If a victim subsequently attempts to edit this file, the injected commands are executed on their machine with the user's privileges. This could allow the attacker to run arbitrary code, install malware, or move laterally within the network. This issue has been patched in version 3.7.9.

Basic Information

ID CVE-2026-43943

Source GitHub_M

Published May 8, 2026 at 02:55

Affected Product

Vendor electerm

Product electerm

Version < 3.7.9

Affected Versions electerm electerm < 3.7.9

CWE Classification

CWE-78 CWE-88

References

{
    "lastseen": "",
    "description": "electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm's SFTP open with system editor or \"Edit with custom editor\" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization. A malicious actor controlling the SSH server or user OS can exploit this by crafting a filename containing shell metacharacters. If a victim subsequently attempts to edit this file, the injected commands are executed on their machine with the user's privileges. This could allow the attacker to run arbitrary code, install malware, or move laterally within the network. This issue has been patched in version 3.7.9.",
    "published": "2026-05-08T02:55:51.285Z",
    "modified": "2026-05-08T02:55:51.285Z",
    "type": "cve",
    "title": "electerm: RCE via malicious SSH server filename in openFileWithEditor",
    "source": "GitHub_M",
    "references": "https://github.com/electerm/electerm/security/advisories/GHSA-q4p8-8j9m-8hxj\nhttps://github.com/electerm/electerm/commit/24ce7103e264cffe6eb5476c0506a2379e6f8333\nhttps://github.com/electerm/electerm/releases/tag/v3.7.9",
    "id": "CVE-2026-43943",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-88"
    ],
    "cvelist": null,
    "sourceData": "electerm electerm < 3.7.9",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "electerm",
    "version": "< 3.7.9",
    "vendor": "electerm",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

electerm: RCE via malicious SSH server filename in openFileWithEditor_CVE-2026-43943