HomeCVE Intelligence › CVE-2026-49255
CVSS 8.8 HIGH Vulnerability

CVE-2026-49255: electerm has Command Injection in File System Operations (rmrf, mv, cp)

Impact A command injection vulnerability exists in electerm's file system operations (rmrf, mv, cp) in src/app/lib/fs.js. These functions construct shell commands by interpolating file paths directly into command string…

8.8CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-49255
Vendornpm
Affected Productelecterm
Vulnerability TypeVulnerability
CVSS Score8.8 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

#

Impact A command injection vulnerability exists in electerm's file system operations (rmrf, mv, cp) in src/app/lib/fs.js. These functions construct shell commands by interpolating file paths directly into command strings without escaping shell metacharacters. Vulnerable functions:

rmrf() - Uses rm -rf "${path}" (double quotes, vulnerable to " injection)
mv() - Uses mv '${from}' '${to}' (single quotes, vulnerable to ' injection)
cp() - Uses cp -r "${from}" "${to}" (double quotes, vulnerable to " injection) Attack scenario:

1. Attacker controls a malicious SSH/SFTP server 2. Server lists files with shell metacharacters in names (e.g., file"$(touch /tmp/pwned)") 3. Victim connects to the server and performs file operations (remote-to-local transfe

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-49255 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence