SCA: security update for electerm (GHSA-mpm8-cx2p-626q)

critical Tenable Self-Hosted Container Security Plugin ID 441517

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- electerm is an open-source terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions
3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI
--opts, or crafted shortcuts. Exploitation requires clicking a crafted electerm://... link or opening a crafted
shortcut/command that launches electerm with attacker-controlled opts. This issue has been patched in
version 3.8.15. (CVE-2026-43944)

Solution

Update the electerm library and its related packages to version 3.8.15 or later.

See Also

https://github.com/advisories/GHSA-mpm8-cx2p-626q

Plugin Details

Severity: Critical

ID: 441517

Version: Revision 1.4

Type: Local

Family: SCA Checks

Published: 5/8/2026

Updated: 6/1/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 5

Percentile: 94.41

Vendor

Vendor Severity: Critical

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-43944

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: Critical

Base Score: 9.4

Threat Score: 7.7

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 5/8/2026

Vulnerability Publication Date: 5/8/2026

Reference Information

CVE: CVE-2026-43944