CVE-2026-34779 in Electron
要約 (英語)
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFolder() used an AppleScript fallback path that did not properly handle certain characters in the application bundle path. Under specific conditions, a crafted launch path could lead to arbitrary AppleScript execution when the user accepted the move-to-Applications prompt. Apps are only affected if they call app.moveToApplicationsFolder(). Apps that do not use this API are not affected. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
責任者
GitHub_M
予約する
2026年03月30日
公開
2026年04月04日
ステータス
確認済み
エントリ
VulDB provides additional information and datapoints for this CVE:
| 識別子 | 脆弱性 | CWE | 悪用可 | 対策 | CVE |
|---|---|---|---|---|---|
| 355216 | Electron app.moveToApplicationsFolder 特権昇格 | 78 | 未定義 | 公式な修正 | CVE-2026-34779 |