QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-45787

Back to search

CVE-2026-45787

Published: May 28, 2026

Modified: May 29, 2026

PUBLISHED

Description

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alter config/bookmarks. This vulnerability is fixed in 3.9.5.

VendorProductVersions

electerm

electerm

affected
< 3.9.5

Weaknesses (CWE)

CWE-326
CWE-329
CWE-353
CWE-759
CWE-916

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now