CVE-2026-34770: Electron Use-After-Free in powerMonitor Module
Plattform
nodejs
Komponente
electron
Behoben in
38.8.6
CVE-2026-34770 describes a use-after-free vulnerability affecting applications using the `powerMonitor` module in Electron. This flaw can lead to crashes or memory corruption due to dangling references after the native `PowerMonitor` object is garbage-collected. All apps accessing `powerMonitor` events are potentially affected, with versions up to and including 38.8.6 being vulnerable. Currently, there is no official patch available to address this issue.
So beheben
Kein offizieller Patch verfügbar. Prüfe auf Workarounds oder überwache auf Updates.
Häufig gestellte Fragen
What is CVE-2026-34770?
CVE-2026-34770 is a use-after-free vulnerability in Electron's `powerMonitor` module that can cause crashes or memory corruption.
Am I affected by CVE-2026-34770?
You are potentially affected if your Electron application uses the `powerMonitor` module and is running on version 38.8.6 or earlier.
How can I fix or mitigate CVE-2026-34770?
Currently, there is no official patch available. Monitor Electron's security advisories for updates and potential workarounds.
Abhängigkeiten automatisch überwachen
Werde benachrichtigt, wenn neue Schwachstellen deine Projekte betreffen. Für immer kostenlos.
Kostenlos starten