CVE-2026-34775: Electron Node.js Integration Vulnerability (≤38.8.6)
Plattform
nodejs
Komponente
electron
Behoben in
38.8.6
CVE-2026-34775 describes an issue in Electron where the `nodeIntegrationInWorker` webPreference was not correctly scoped, potentially allowing workers to receive Node.js integration even when configured otherwise. This can lead to security vulnerabilities if an application enables `nodeIntegrationInWorker` and also opens child windows or embeds content with differing webPreferences. This issue affects Electron versions up to and including 38.8.6. The vulnerability has been fixed in Electron versions 41.0.0, 40.8.4, 39.8.4, and 38.8.6.
So beheben
Kein offizieller Patch verfügbar. Prüfe auf Workarounds oder überwache auf Updates.
Häufig gestellte Fragen
What is CVE-2026-34775?
CVE-2026-34775 is a vulnerability in Electron where Node.js integration can be incorrectly exposed in workers due to improper scoping of the `nodeIntegrationInWorker` webPreference.
Am I affected by CVE-2026-34775?
You are affected if you are using Electron version 38.8.6 or earlier and your application enables `nodeIntegrationInWorker` while also opening child windows or embedding content with differing webPreferences.
How do I fix CVE-2026-34775?
Upgrade to Electron version 41.0.0, 40.8.4, 39.8.4, or 38.8.6. Alternatively, avoid enabling `nodeIntegrationInWorker` in apps that also open child windows or embed content with differing webPreferences.
Abhängigkeiten automatisch überwachen
Werde benachrichtigt, wenn neue Schwachstellen deine Projekte betreffen. Für immer kostenlos.
Kostenlos starten