top of page
perceptive_background_267k.jpg

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-bet…

Published:

3 April 2026 at 22:00:00

Alert date:

4 April 2026 at 01:01:48

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Supply Chain & Dependencies

A security vulnerability in the Electron framework allows attackers to inject arbitrary command line switches through an undocumented commandLineSwitches webPreference. This can disable renderer sandboxing and web security controls in applications that construct webPreferences from untrusted input. The vulnerability affects Electron versions prior to 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8. Applications using hardcoded webPreferences are not affected. Patches are available in the specified versions.

Technical details

Mitigation steps:

Affected products:

Electron Framework

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-34769
https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page