CVE-2026-34766: Electron USB Device Selection Vulnerability
Platform: nodejs
Component: electron
Fixed in: 38.8.6
CVE-2026-34766 describes a vulnerability in Electron where the `select-usb-device` event callback doesn't properly validate the chosen device ID, potentially granting access to unintended USB devices. This impacts applications with specific device-selection logic, allowing access to devices outside the renderer's requested filters or exclusion lists. Affected versions include Electron ≤38.8.6. No official patch is currently available.
How to fix
No official patch available. Check for workarounds or monitor for updates.
Frequently asked questions
What is CVE-2026-34766?
CVE-2026-34766 is a vulnerability in Electron where the `select-usb-device` event callback fails to validate the chosen device ID, potentially granting unauthorized USB device access.
Am I affected by CVE-2026-34766?
You are potentially affected if you are using Electron version ≤38.8.6 and your application has unusual device-selection logic that could be influenced to select a device ID outside the filtered set.
How can I fix or mitigate CVE-2026-34766?
Currently, there is no official patch available. Consider implementing additional validation within your application to ensure the selected USB device ID matches the expected filters and exclusion lists.
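One way to implement the validation suggested above, as an added example (not Electron's or this page's own code): the app's selection logic is wrapped so that the ID it returns is re-checked before it reaches the `select-usb-device` callback. It assumes `details.deviceList` holds the devices that matched the renderer's filters; `ALLOWED`, `validateSelection`, `installUsbGuard` and `chooseDevice` are hypothetical names, and the vendor/product IDs are constructed sample values.

```javascript
// Added example: guard for Electron's 'select-usb-device' session event.
// ALLOWED holds constructed sample values; replace with the devices your app supports.
const ALLOWED = [{ vendorId: 0x2341, productId: 0x8057 }];

// Return candidateId only if it names a device that is both in the list the
// event offered AND on the app allowlist; otherwise return undefined.
function validateSelection(deviceList, candidateId, allowed = ALLOWED) {
  if (typeof candidateId !== 'string' || candidateId.length === 0) return undefined;
  const device = (deviceList || []).find((d) => d.deviceId === candidateId);
  if (!device) return undefined; // ID is not in the offered (filtered) set
  const ok = allowed.some(
    (a) => a.vendorId === device.vendorId && a.productId === device.productId
  );
  return ok ? device.deviceId : undefined;
}

// Wrap the app's own selection logic (chooseDevice, hypothetical) so that
// whatever ID it produces is re-checked before Electron's callback sees it.
function installUsbGuard(session, chooseDevice, allowed = ALLOWED) {
  session.on('select-usb-device', (event, details, callback) => {
    event.preventDefault();
    let candidate;
    try {
      candidate = chooseDevice(details);
    } catch (err) {
      candidate = undefined; // fail closed if the selection logic throws
    }
    const id = validateSelection(details.deviceList, candidate, allowed);
    if (id === undefined) {
      console.warn('select-usb-device: rejected device id', candidate);
      callback(); // calling back with no ID cancels the request
    } else {
      callback(id);
    }
  });
}
```

In an Electron main process, pass `win.webContents.session` as `session`.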