{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34764", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T19:17:10.225Z", "datePublished": "2026-04-06T15:46:40.189Z", "dateUpdated": "2026-04-07T16:00:32.633Z"}, "containers": {"cna": {"title": "Electron has a use-after-free in offscreen shared texture release() callback", "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "lang": "en", "description": "CWE-416: Use After Free", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/electron/electron/security/advisories/GHSA-8x5q-pvf5-64mp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/electron/electron/security/advisories/GHSA-8x5q-pvf5-64mp"}], "affected": [{"vendor": "electron", "product": "electron", "versions": [{"version": ">= 33.0.0-alpha.1, < 39.8.5", "status": "affected"}, {"version": ">= 40.0.0-alpha.1, < 40.8.5", "status": "affected"}, {"version": ">= 41.0.0-alpha.1, < 41.1.0", "status": "affected"}, {"version": ">= 42.0.0-alpha.1, < 42.0.0-alpha.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-06T15:46:40.189Z"}, "descriptions": [{"lang": "en", "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain conditions, the release() callback provided on a paint event texture can outlive its backing native state, and invoking it after that point dereferences freed memory in the main process, which may lead to a crash or memory corruption. Apps are only affected if they use offscreen rendering with webPreferences.offscreen: { useSharedTexture: true }. Apps that do not enable shared-texture offscreen rendering are not affected. To mitigate this issue, ensure texture.release() is called promptly after the texture has been consumed, before the texture object becomes unreachable. This vulnerability is fixed in 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5."}], "source": {"advisory": "GHSA-8x5q-pvf5-64mp", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T15:47:38.395738Z", "id": "CVE-2026-34764", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T16:00:32.633Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34764", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-07T15:47:38.395738Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T15:47:42.284Z"}}], "cna": {"title": "Electron has a use-after-free in offscreen shared texture release() callback", "source": {"advisory": "GHSA-8x5q-pvf5-64mp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "electron", "product": "electron", "versions": [{"status": "affected", "version": ">= 33.0.0-alpha.1, < 39.8.5"}, {"status": "affected", "version": ">= 40.0.0-alpha.1, < 40.8.5"}, {"status": "affected", "version": ">= 41.0.0-alpha.1, < 41.1.0"}, {"status": "affected", "version": ">= 42.0.0-alpha.1, < 42.0.0-alpha.5"}]}], "references": [{"url": "https://github.com/electron/electron/security/advisories/GHSA-8x5q-pvf5-64mp", "name": "https://github.com/electron/electron/security/advisories/GHSA-8x5q-pvf5-64mp", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain conditions, the release() callback provided on a paint event texture can outlive its backing native state, and invoking it after that point dereferences freed memory in the main process, which may lead to a crash or memory corruption. Apps are only affected if they use offscreen rendering with webPreferences.offscreen: { useSharedTexture: true }. Apps that do not enable shared-texture offscreen rendering are not affected. To mitigate this issue, ensure texture.release() is called promptly after the texture has been consumed, before the texture object becomes unreachable. This vulnerability is fixed in 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416: Use After Free"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-06T15:46:40.189Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34764", "state": "PUBLISHED", "dateUpdated": "2026-04-07T16:00:32.633Z", "dateReserved": "2026-03-30T19:17:10.225Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-06T15:46:40.189Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "A297C09B-A2A1-47B9-BC7B-223A0FE6F408", "versionEndExcluding": "39.8.5", "versionStartIncluding": "33.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "E5767B84-F164-4EC4-8A31-8E243374EA89", "versionEndExcluding": "40.8.5", "versionStartIncluding": "40.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "A87A2631-72BF-432E-B014-AEFE45CB9BAE", "versionEndExcluding": "41.1.0", "versionStartIncluding": "41.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:42.0.0:alpha1:*:*:*:node.js:*:*", "matchCriteriaId": "498062D8-5C83-4FC2-A04B-94F3228B2BED", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:42.0.0:alpha2:*:*:*:node.js:*:*", "matchCriteriaId": "A272F9F4-AB62-407C-B1A8-18586A474C19", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:42.0.0:alpha3:*:*:*:node.js:*:*", "matchCriteriaId": "BF49E260-9653-4D26-8B6C-C6FAFE697F5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:42.0.0:alpha4:*:*:*:node.js:*:*", "matchCriteriaId": "2F3B609A-0CA5-4E8C-865E-CF79B6B0CCCC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain conditions, the release() callback provided on a paint event texture can outlive its backing native state, and invoking it after that point dereferences freed memory in the main process, which may lead to a crash or memory corruption. Apps are only affected if they use offscreen rendering with webPreferences.offscreen: { useSharedTexture: true }. Apps that do not enable shared-texture offscreen rendering are not affected. To mitigate this issue, ensure texture.release() is called promptly after the texture has been consumed, before the texture object becomes unreachable. This vulnerability is fixed in 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5."}], "id": "CVE-2026-34764", "lastModified": "2026-05-01T20:01:12.550", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-06T16:16:36.767", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/electron/electron/security/advisories/GHSA-8x5q-pvf5-64mp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "Electron: Electron: Memory corruption or crash due to use-after-free in offscreen rendering with shared textures.", "id": "2455466", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455466"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-825", "details": ["A flaw was found in Electron, a framework for building desktop applications. This vulnerability, a use-after-free, affects applications that utilize offscreen rendering with GPU shared textures. Under specific conditions, a callback function can attempt to access memory that has already been released, leading to a crash or memory corruption. This issue specifically impacts applications configured with `webPreferences.offscreen: { useSharedTexture: true }`."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-34764", "package_state": [{"cpe": "cpe:/a:redhat:podman_desktop:1", "fix_state": "Fix deferred", "package_name": "podman-desktop-macos-1-0", "product_name": "Red Hat Build of Podman Desktop"}, {"cpe": "cpe:/a:redhat:podman_desktop:1", "fix_state": "Fix deferred", "package_name": "podman-desktop-windows-1-0", "product_name": "Red Hat Build of Podman Desktop"}, {"cpe": "cpe:/a:redhat:podman_desktop:0", "fix_state": "Fix deferred", "package_name": "rhdesktop/rh-podman-desktop-ext-openshift-local-rhel10", "product_name": "Red Hat Build of Podman Desktop - Tech Preview"}], "public_date": "2026-04-06T15:46:40Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-34764\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-34764\nhttps://github.com/electron/electron/security/advisories/GHSA-8x5q-pvf5-64mp"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[33.0.0-alpha.1,39.8.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[40.0.0-alpha.1,40.8.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[41.0.0-alpha.1,41.1.0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[42.0.0-alpha.1,42.0.0-alpha.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "electron", "source": "cna", "vendor": "electron"}, "product": "electron", "vendor": "electron"}], "analysis": {"en": {"generated_at": "2026-04-07T01:43:41.146791+00:00", "value": {"mitigation_remediation": ["Upgrade Electron to version 39.8.5, 40.8.5, 41.1.0, or 42.0.0\u2011alpha.5 where the issue is fixed.", "If upgrading is not immediately possible, ensure that texture.release() is invoked promptly after the texture is consumed and before the texture object becomes unreachable.", "Disable shared\u2011texture offscreen rendering by setting webPreferences.offscreen.useSharedTexture to false if the feature is not required.", "Monitor application stability for signs of crashes or memory corruption and consider rolling back to a known\u2011stable Electron release if the problem persists."], "summary": {"action": "Apply patch", "impact": "Use\u2011after\u2011free leading to potential crash or memory corruption"}, "threat_synthesis": {"affected_systems": "The issue affects Electron applications that enable offscreen rendering with shared textures. Versions from 33.0.0\u2011alpha.1 up to, but not including, 39.8.5, 40.8.5, 41.1.0, and 42.0.0\u2011alpha.5 are vulnerable when webPreferences.offscreen.useSharedTexture is true. Applications that do not use shared\u2011texture offscreen rendering are not affected. The problem is specific to the Electron framework, not to end users\u2019 operating systems or browsers.", "description_and_impact": "This vulnerability is a use\u2011after\u2011free in Electron\u2019s handling of offscreen GPU shared textures. When the release() callback on a paint event texture is invoked after the associated native backing has been freed, the main process dereferences invalid memory. The result can be a crash or more severe memory corruption that may be exploitable for code execution in some contexts, although the advisory does not confirm direct remote code execution.", "risk_and_exploitability": "The CVSS score of 2.3 indicates a low severity, and the EPSS score is not available. Because the flaw requires the application to employ offscreen rendering with shared textures, the likelihood of exploitation in the wild is limited. Attackers would need to trigger the release() callback after the texture\u2019s native state has been freed, which is dependent on the app\u2019s rendering logic. The vulnerability is not listed in the CISA KEV catalog, further suggesting that widespread exploitation has not been observed. The primary consequence is a crash or memory corruption, which may be leveraged for more advanced attacks if combined with other weaknesses."}}}}, "created": "2026-04-06T20:13:52.946375+00:00", "updated": "2026-04-07T06:54:57.549339+00:00", "vendors": ["electron", "electron$PRODUCT$electron"]}