Cyber Resilience

CVE-2026-43944

CriticalRCE

Published: 08 May 2026

Published
08 May 2026
Modified
13 May 2026
KEV Added
Patch
CVSS Score v4 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0036 28.3th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-43944 is a critical-severity Improper Input Validation (CWE-20) vulnerability in Electerm Project Electerm. Its CVSS base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious Link (T1204.001); ranked at the 28.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or opening a crafted shortcut/command…

more

that launches electerm with attacker-controlled opts. This issue has been patched in version 3.8.15.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1204.001 Malicious Link Execution
An adversary may rely upon a user clicking a malicious link in order to gain execution.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Vulnerability enables arbitrary code execution specifically via crafted deep links (malicious link) or shortcuts/CLI opts (malicious file), requiring user interaction to trigger.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-43941Same product: Electerm Project Electerm
CVE-2026-43940Same product: Electerm Project Electerm
CVE-2026-41501Same product: Electerm Project Electerm
CVE-2026-41500Same product: Electerm Project Electerm
CVE-2026-43943Same product: Electerm Project Electerm
CVE-2026-42214Shared CWE-94
CVE-2025-0514Shared CWE-20
CVE-2025-24243Shared CWE-94
CVE-2026-40156Shared CWE-829, CWE-94
CVE-2024-27856Shared CWE-94

Affected Assets

electerm project
electerm
3.0.6 — 3.8.15

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-829 CWE-94

Isolated execution prevents functionality from an untrusted sphere from affecting the real environment, allowing safe behavioral inspection.

addresses: CWE-20 CWE-94

Directly implements checks on information inputs to reject invalid data before processing.

addresses: CWE-829

Limiting P2P file sharing technology reduces inclusion of functionality or resources from untrusted external control spheres.

addresses: CWE-829

Enforcing installation policies prevents users from including functionality obtained from untrusted control spheres.

addresses: CWE-829

The inventory process requires identifying and recording the origin of all components, making inclusion of functionality from untrusted control spheres easier to detect during reviews.

addresses: CWE-829

Requiring approval and monitoring of maintenance tools prevents inclusion and execution of functionality obtained from untrusted sources.

addresses: CWE-829

Unowned portable devices represent untrusted control spheres; the prohibition prevents inclusion of functionality or data from such sources.

addresses: CWE-20

Security testing and developer training directly verify and enforce proper input validation, reducing exploitability of injection and malformed-data weaknesses.

References