CVSS 8.8 HIGH Vulnerability

CVE-2026-43941: Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution v…


CVSS Score: 8.8
Severity: HIGH
CISA KEV: NO
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-43941
Vendor: npm
Affected Product: electerm
Vulnerability Type: Vulnerability
CVSS Score: 8.8 (HIGH)
Actively Exploited: ❌ No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Impact

Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. When a user connects to a malicious SSH server, the attacker can print a crafted URI in the terminal output. If the victim clicks the link, shell.openExternal executes it using the operating system's default protocol handler. This can be abused to:

• Trigger dangerous protocol handlers (ms-msdt:, search-ms:) for code execution
• Open local files or network shares (file://, UNC paths) to leak NTLM hashes or exfiltrate data
• Launch any installed application associated with a custom URI scheme

An attacker who controls terminal output (e.g., via a malicious SSH server, compromised remote host, or malicious plugin rendering terminal c
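The missing control described above is a scheme allowlist in front of shell.openExternal. The following is an added example, not Electerm's code or its actual patch: the names ALLOWED_PROTOCOLS, classifyLink and openExternalSafely are assumptions, the opener is injected so the check runs outside Electron, and the sample links are constructed placeholders.

```javascript
// Added example: scheme allowlist to apply before shell.openExternal.
// ALLOWED_PROTOCOLS, classifyLink and openExternalSafely are illustrative names.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Decide whether a clicked terminal link may be handed to the OS.
function classifyLink(raw) {
  if (typeof raw !== 'string') return { ok: false, reason: 'not a string' };
  const text = raw.trim();
  // UNC paths (\\host\share) are not URLs; refuse them before parsing.
  if (text.startsWith('\\\\')) return { ok: false, reason: 'UNC path' };
  let url;
  try {
    url = new URL(text); // WHATWG parser: lowercases the scheme, strips tabs/newlines
  } catch (err) {
    return { ok: false, reason: 'not an absolute URL' };
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) {
    return { ok: false, reason: 'scheme not allowed: ' + url.protocol };
  }
  // Return the normalized form so the string that was checked is the string opened.
  return { ok: true, href: url.href };
}

// opener is injected so this runs outside Electron; in the main process it
// would be electron's shell.openExternal, which returns a Promise.
function openExternalSafely(raw, opener) {
  const verdict = classifyLink(raw);
  if (!verdict.ok) return Promise.resolve(verdict);
  return Promise.resolve(opener(verdict.href)).then(() => verdict);
}

// Constructed sample links covering the cases listed in the advisory text.
const SAMPLE_LINKS = [
  'https://example.com/docs',
  'ms-msdt:placeholder',
  'search-ms:placeholder',
  'file:///C:/Users/Public/notes.txt',
  '\\\\fileserver.example\\share',
  'custom-app://open',
];

function auditSamples() {
  return SAMPLE_LINKS.map((link) => ({ link, ...classifyLink(link) }));
}

console.table(auditSamples());
```

Only the https link is accepted; every other sample is refused before the opener is ever called.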
