CVE-2026-34776: Electron OOB Read in requestSingleInstanceLock
Platform: nodejs
Component: electron
Fixed in: 38.8.6
CVE-2026-34776 is an out-of-bounds heap read vulnerability affecting Electron applications on macOS and Linux that utilize the `app.requestSingleInstanceLock()` function. A crafted second-instance message can trigger the vulnerability, potentially leaking memory to the application's `second-instance` event handler. This issue affects Electron versions up to 38.8.6. The vulnerability is fixed in Electron versions 40.8.1 and 41.0.0.
How to fix
No official patch available. Check for workarounds or monitor for updates.
Frequently asked questions
What is CVE-2026-34776?
CVE-2026-34776 is an out-of-bounds heap read vulnerability in Electron's `app.requestSingleInstanceLock()` function, potentially leaking memory on macOS and Linux.
Am I affected by CVE-2026-34776?
You are affected if your Electron application on macOS or Linux calls `app.requestSingleInstanceLock()` and uses a version of Electron less than or equal to 38.8.6.
How do I fix CVE-2026-34776?
Upgrade to Electron version 40.8.1 or 41.0.0, where the vulnerability is fixed. There are no application-side workarounds available.
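The "Am I affected" condition above can be turned into an audit check. This is an added example, not code from Electron or from this advisory. The function names, the `sources` input shape and the sample files are assumptions, and the version bound is the "less than or equal to 38.8.6" figure stated on this page.

```javascript
// Added example. The version bound and platforms are the ones this page states.
const PAGE_BOUND = [38, 8, 6];                  // "less than or equal to 38.8.6"
const AFFECTED_PLATFORMS = ["darwin", "linux"]; // process.platform values for macOS, Linux

// Parse a resolved version such as "38.8.5" or "v38.8.5-beta.1"; null if unparseable.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when version a is less than or equal to version b (major, minor, patch order).
function atOrBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return true;
}

// Heuristic: look for a call after dropping block and line comments.
function callsSingleInstanceLock(source) {
  const code = source
    .replace(/\/\*[\s\S]*?\*\//g, "")
    .replace(/(^|[^:])\/\/.*$/gm, "$1");
  return /\brequestSingleInstanceLock\s*\(/.test(code);
}

// sources: { fileName: fileText }. Returns affected = true/false, or null if unknown.
function auditApp({ platform, electronVersion, sources }) {
  const version = parseVersion(electronVersion);
  if (!version) return { affected: null, files: [], reason: "unparseable version" };
  const files = Object.keys(sources).filter((f) => callsSingleInstanceLock(sources[f]));
  const checks = {
    platform: AFFECTED_PLATFORMS.includes(platform),
    version: atOrBelow(version, PAGE_BOUND),
    usesLock: files.length > 0,
  };
  const failed = Object.keys(checks).filter((k) => !checks[k]);
  return { affected: failed.length === 0, files, reason: failed.join(",") || "all conditions met" };
}

// Constructed sample input (not from a real application).
const SAMPLE_SOURCES = {
  "main.js": "const { app } = require('electron');\n" +
    "if (!app.requestSingleInstanceLock()) app.quit();\n",
  "legacy.js": "// app.requestSingleInstanceLock() was removed here\n",
};

console.log(auditApp({ platform: "linux", electronVersion: "38.8.5", sources: SAMPLE_SOURCES }));
```

Pass the resolved version from the installed `electron` package rather than a range from `package.json`, since a range such as `^38.0.0` does not say which build actually ships.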