{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34772", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T19:54:55.555Z", "datePublished": "2026-04-03T23:49:20.467Z", "dateUpdated": "2026-04-06T15:27:44.773Z"}, "containers": {"cna": {"title": "Electron: Use-after-free in download save dialog callback", "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "lang": "en", "description": "CWE-416: Use After Free", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783"}], "affected": [{"vendor": "electron", "product": "electron", "versions": [{"version": "< 38.8.6", "status": "affected"}, {"version": ">= 39.0.0-alpha.1, < 39.8.0", "status": "affected"}, {"version": ">= 40.0.0-alpha.1, < 40.7.0", "status": "affected"}, {"version": ">= 41.0.0-alpha.1, < 41.0.0-beta.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-03T23:49:20.467Z"}, "descriptions": [{"lang": "en", "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption. Apps that do not destroy sessions at runtime, or that do not permit downloads, are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8."}], "source": {"advisory": "GHSA-9w97-2464-8783", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T15:27:31.566763Z", "id": "CVE-2026-34772", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T15:27:44.773Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34772", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T15:27:31.566763Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T15:27:35.499Z"}}], "cna": {"title": "Electron: Use-after-free in download save dialog callback", "source": {"advisory": "GHSA-9w97-2464-8783", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "electron", "product": "electron", "versions": [{"status": "affected", "version": "< 38.8.6"}, {"status": "affected", "version": ">= 39.0.0-alpha.1, < 39.8.0"}, {"status": "affected", "version": ">= 40.0.0-alpha.1, < 40.7.0"}, {"status": "affected", "version": ">= 41.0.0-alpha.1, < 41.0.0-beta.8"}]}], "references": [{"url": "https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783", "name": "https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption. Apps that do not destroy sessions at runtime, or that do not permit downloads, are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416: Use After Free"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-03T23:49:20.467Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34772", "state": "PUBLISHED", "dateUpdated": "2026-04-06T15:27:44.773Z", "dateReserved": "2026-03-30T19:54:55.555Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-03T23:49:20.467Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption. Apps that do not destroy sessions at runtime, or that do not permit downloads, are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8."}], "id": "CVE-2026-34772", "lastModified": "2026-04-07T13:20:55.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-04T00:16:18.133", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "Electron: Electron: Use-after-free vulnerability leads to memory corruption or crash", "id": "2455005", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455005"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L", "status": "draft"}, "cwe": "CWE-825", "details": ["Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption. Apps that do not destroy sessions at runtime, or that do not permit downloads, are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8.", "A flaw was found in Electron, a framework used for developing cross-platform desktop applications. This vulnerability, known as a use-after-free, affects applications that manage downloads and actively terminate user sessions. It occurs when a user dismisses a file save dialog while the application is simultaneously closing the associated session, causing the application to access memory that has already been released. This can lead to an application crash or, in more severe cases, memory corruption. Apps that do not destroy sessions at runtime, or that do not permit downloads, are not affected."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-34772", "package_state": [{"cpe": "cpe:/a:redhat:podman_desktop:1", "fix_state": "Fix deferred", "package_name": "podman-desktop-macos-1-0", "product_name": "Red Hat Build of Podman Desktop"}, {"cpe": "cpe:/a:redhat:podman_desktop:1", "fix_state": "Fix deferred", "package_name": "podman-desktop-windows-1-0", "product_name": "Red Hat Build of Podman Desktop"}, {"cpe": "cpe:/a:redhat:podman_desktop:0", "fix_state": "Fix deferred", "package_name": "rhdesktop/rh-podman-desktop-ext-openshift-local-rhel10", "product_name": "Red Hat Build of Podman Desktop - Tech Preview"}], "public_date": "2026-04-03T23:49:20Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-34772\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-34772\nhttps://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,38.8.6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[39.0.0-alpha.1,39.8.0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[40.0.0-alpha.1,40.7.0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[41.0.0-alpha.1,41.0.0-beta.8)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "electron", "source": "cna", "vendor": "electron"}, "product": "electron", "vendor": "electron"}], "analysis": {"en": {"generated_at": "2026-04-07T01:47:02.312720+00:00", "value": {"mitigation_remediation": ["Upgrade Electron to version 38.8.6, 39.8.0, 40.7.0, 41.0.0\u2011beta.8 or newer."], "summary": {"action": "Patch Immediately", "impact": "Memory Corruption"}, "threat_synthesis": {"affected_systems": "The Electron framework, versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0\u2011beta.8 are patched for this issue. Applications built with earlier releases of Electron and that allow downloads and session destruction at runtime are affected. Applications that do not allow downloads or do not destroy sessions at runtime are not impacted.\n", "description_and_impact": "A use\u2011after\u2011free occurs when an Electron application that supports downloads programmatically destroys a session while a native file\u2011save dialog is open. Dismissing the dialog after the session has been torn down dereferences already freed memory, which may cause the application to crash or corrupt memory. If the corrupted memory is exploitable, an attacker could potentially achieve remote code execution. Based on the description, the vulnerable condition requires the attacker to have influence over the application\u2019s session life cycle and trigger a download save dialog.\n", "risk_and_exploitability": "The CVSS score of 5.8 indicates a medium severity as the vulnerability could lead to denial of service or memory corruption but does not guarantee remote code execution. The EPSS score of less than 1% suggests a low likelihood of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is most likely local, requiring the attacker to control the application or influence user actions. Overall, the risk is moderate, mitigated further by the low exploitation probability."}}}}, "created": "2026-04-06T21:21:38.177359+00:00", "updated": "2026-04-07T07:16:26.655058+00:00", "vendors": ["electron", "electron$PRODUCT$electron"]}