CVE Alert

CVE-2026-45787

UNKNOWN 0.0

electerm's encrypt method not safe enough

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alter config/bookmarks. This vulnerability is fixed in 3.9.5.
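The weakness class described above, shown next to a hardened form in Node.js. This is an added example, not electerm's code and not the 3.9.5 fix: the page names no KDF, so scrypt, the salt string, the AES-256-GCM replacement, the helper names and the sample bookmark data are all assumptions made for illustration.

```javascript
// Added example, not electerm's code. The KDF (scrypt), the salt string and
// all function names are assumptions; the advisory does not specify them.
const crypto = require('node:crypto');

const FIXED_SALT = 'constant-salt';   // constructed placeholder value
const ZERO_IV = Buffer.alloc(16, 0);  // fixed all-zero IV

// Weak pattern: AES-192-CBC, zero IV, constant KDF salt, no MAC.
function weakEncrypt(password, plaintext) {
  const key = crypto.scryptSync(password, FIXED_SALT, 24);
  const c = crypto.createCipheriv('aes-192-cbc', key, ZERO_IV);
  return Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
}
function weakDecrypt(password, ct) {
  const key = crypto.scryptSync(password, FIXED_SALT, 24);
  const d = crypto.createDecipheriv('aes-192-cbc', key, ZERO_IV);
  return Buffer.concat([d.update(ct), d.final()]);
}

// Hardened pattern: random per-message salt and nonce, authenticated (GCM).
// Blob layout: salt(16) | nonce(12) | tag(16) | ciphertext
function strongEncrypt(password, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = crypto.scryptSync(password, salt, 32);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([salt, iv, c.getAuthTag(), ct]);
}
function strongDecrypt(password, blob) {
  const salt = blob.subarray(0, 16), iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44), ct = blob.subarray(44);
  const key = crypto.scryptSync(password, salt, 32);
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // final() throws on a bad tag
}

// True if a blob with one flipped bit still decrypts without an error.
function acceptsTampering(decrypt, password, blob, offset) {
  const t = Buffer.from(blob);
  t[offset] ^= 0x01;
  try { decrypt(password, t); return true; } catch { return false; }
}

// Constructed sample data (44 bytes, three CBC blocks).
const SAMPLE = '{"host":"10.0.0.5","port":22,"user":"admin"}';
```

With the weak functions, two installs using the same password produce byte-identical ciphertext and a modified blob decrypts without error; with the hardened functions, every blob differs and the modified one is rejected.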

CWE: CWE-326, CWE-329, CWE-353, CWE-759, CWE-916
Vendor: electerm
Product: electerm
Published: May 28, 2026
Last Updated: May 29, 2026

Affected Versions

electerm / electerm
< 3.9.5

References

github.com: https://github.com/electerm/electerm/security/advisories/GHSA-g29v-q6h7-76wh
github.com: https://github.com/electerm/electerm/commit/9dd8295e37d53396b980cd45dfc5ed11ad79b937