CVE-2026-45787
EUVD-2026-3295928.05.2026, 18:16
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alter config/bookmarks. This vulnerability is fixed in 3.9.5.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| electerm_project | electerm | 𝑥 < 3.9.5 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration