CVE-2026-43944

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI –opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://… link or opening a crafted shortcut/command that launches electerm with attacker-controlled opts. This issue has been patched in version 3.8.15.

More information : https://github.com/electerm/electerm/commit/0599e67069b00e376a2e962649aaad6096e63507