What is the CVSS score of CVE-2026-34781?

CVE-2026-34781 has a CVSS 3.1 base score of 2.8 (Low). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-34781?

Yes, a patch is available for CVE-2026-34781. Update the affected software to the latest version immediately.

CVE-2026-34781

EUVD-2026-19950 LOW

NULL Pointer Dereference (CWE-476)

2026-04-07 https://github.com/electron/electron

GHSA-f37v-82c4-4x64

RCE Buffer Overflow Denial Of Service Null Pointer Dereference

2.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Apr 07, 2026 - 16:00 euvd

EUVD-2026-19950

Analysis Generated

Apr 07, 2026 - 16:00 vuln.today

Patch released

Apr 07, 2026 - 16:00 nvd

Patch available

CVE Published

Apr 07, 2026 - 15:52 nvd

LOW 2.8

DescriptionNVD

Impact

Apps that call clipboard.readImage() may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decode, the resulting null bitmap is passed unchecked to image construction, triggering a controlled abort and crashing the process.

Apps are only affected if they call clipboard.readImage(). Apps that do not read images from the clipboard are not affected. This issue does not allow memory corruption or code execution.

Workarounds

Validate that the clipboard contains image data via clipboard.availableFormats() before calling clipboard.readImage(). Note this only narrows the window - upgrading to a fixed version is recommended.

Fixed Versions

42.0.0-alpha.5
41.1.0
40.8.5
39.8.5

For more information

If you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org)

AnalysisAI

Denial of service in Electron's clipboard.readImage() allows local authenticated attackers to crash applications by supplying malformed image data on the system clipboard. The vulnerability affects Electron versions prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, but only impacts apps that explicitly call clipboard.readImage(). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-34781 vulnerability details – vuln.today

Back