CVE-2026-45787 documents cryptographic weaknesses in electerm, an open-source terminal/SSH/SFTP client, affecting versions prior to 3.9.5. The vulnerability stems from deterministic AES-192-CBC encryption with a fixed zero initialization vector (IV), a constant key derivation function (KDF) salt, and no message authentication code (MAC) protection for synchronized bookmark and profile data. These i [truncated]
A critical vulnerability in electerm, an open-source terminal/SSH/SFTP client, affects versions 3.0.6 through 3.8.8. The vulnerability involves code injection weaknesses (CWE-94, CWE-732, CWE-940) that could allow an attacker with local access and low privileges to achieve complete compromise of confidentiality, integrity, and availability on the affected system. The CVSS 4.0 vector indicates local attack [truncated]
CVE-2026-45058 documents a critical remote code execution vulnerability in electerm, an open-source terminal/SSH/SFTP client. The flaw exists in versions 3.8.8 and earlier, where maliciously crafted bookmark JSON files or compromised sync configurations (Gist/WebDAV) can inject arbitrary commands through exec* fields or global configuration parameters. When a user imports a malicious bookmark or syncs fro [truncated]