electerm EUVD-2026-28515

CVE-2026-43943 | HIGH
OS Command Injection (CWE-78)
2026-05-08 | GitHub_M | GHSA-q4p8-8j9m-8hxj
CVSS 3.1: 7.8
CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch available: May 08, 2026 - 05:31 (EUVD)
Source Code Evidence Fetched: May 08, 2026 - 04:31 (vuln.today)
Analysis Generated: May 08, 2026 - 04:31 (vuln.today)
CVE Published: May 08, 2026 - 02:55 (nvd), HIGH 7.8

Description (NVD)

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization. A malicious actor controlling the SSH server or user OS can exploit this by crafting a filename containing shell metacharacters. If a victim subsequently attempts to edit this file, the injected commands are executed on their machine with the user's privileges. This could allow the attacker to run arbitrary code, install malware, or move laterally within the network. This issue has been patched in version 3.7.9.

Analysis (AI)

Command injection in electerm's SFTP file editor feature allows arbitrary code execution when users edit files with maliciously crafted filenames. The vulnerability affects versions prior to 3.7.9 and can be exploited by attackers controlling SSH servers or the victim's operating system to inject shell metacharacters into filenames. …

Remediation (AI)

Within 24 hours: Identify all systems running electerm versions prior to 3.7.9 using asset inventory and software management tools. Within 7 days: Upgrade electerm to version 3.7.9 or later across all affected systems; verify upgrades in staging environment first. …
