Cyber Resilience

CVE-2026-45787

Medium · Updated

Published: 28 May 2026

Modified: 17 June 2026
KEV Added
Patch
CVSS Score v4: 6.0
CVSS vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0010 (1.3th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-45787 is a medium-severity Inadequate Encryption Strength (CWE-326) vulnerability in Electerm Project Electerm. Its CVSS base score is 6.0 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552). The CVE ranks at the 1.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alter config/bookmarks. This vulnerability is fixed in 3.9.5.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1552 Unsecured Credentials (tactic: Credential Access)
Adversaries may search compromised systems to find and obtain insecurely stored credentials.

T1565 Data Manipulation (tactic: Impact)
Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data.

Why these techniques?

Weak crypto enables credential recovery from synced data (T1552) and undetected tampering (T1565).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

Affected Assets

Vendor: electerm project
Product: electerm
Affected versions: ≤ 3.9.5

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-916 CWE-759

Information from security contacts highlights password hashing methods with insufficient computational effort, preventing their adoption.

addresses: CWE-353

Irrefutable evidence of actions requires integrity protection to prevent tampering or alteration of records.

addresses: CWE-353

Implements required signature-based integrity verification, addressing missing support for integrity checks on components.

addresses: CWE-326

Maintaining currency with technologies and practices reduces selection of encryption mechanisms that provide inadequate strength.

addresses: CWE-326

Updated assessments identify when previously adequate encryption strength no longer meets current attack capabilities or compliance drivers.

addresses: CWE-353

Requiring control over the integrity of all changes directly compels developers to implement integrity verification mechanisms rather than omitting them.

addresses: CWE-353

Tamper detection fundamentally depends on integrity-checking capabilities that this control mandates or strengthens.

addresses: CWE-353

Explicitly requires support for integrity and authenticity checks on components before acceptance into the system.
