{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34771", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T19:54:55.555Z", "datePublished": "2026-04-03T23:47:23.171Z", "dateUpdated": "2026-04-08T03:55:37.519Z"}, "containers": {"cna": {"title": "Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks", "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "lang": "en", "description": "CWE-416: Use After Free", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4"}], "affected": [{"vendor": "electron", "product": "electron", "versions": [{"version": "< 38.8.6", "status": "affected"}, {"version": ">= 39.0.0-alpha.1, < 39.8.0", "status": "affected"}, {"version": ">= 40.0.0-alpha.1, < 40.7.0", "status": "affected"}, {"version": ">= 41.0.0-alpha.1, < 41.0.0-beta.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-03T23:47:23.171Z"}, "descriptions": [{"lang": "en", "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler() may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invoking the stored callback dereferences freed memory, which may lead to a crash or memory corruption. Apps that do not set a permission request handler, or whose handler responds synchronously, are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8."}], "source": {"advisory": "GHSA-8337-3p73-46f4", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-34771"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T03:55:37.519Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34771", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-06T16:04:11.207548Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T16:04:15.675Z"}}], "cna": {"title": "Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks", "source": {"advisory": "GHSA-8337-3p73-46f4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "electron", "product": "electron", "versions": [{"status": "affected", "version": "< 38.8.6"}, {"status": "affected", "version": ">= 39.0.0-alpha.1, < 39.8.0"}, {"status": "affected", "version": ">= 40.0.0-alpha.1, < 40.7.0"}, {"status": "affected", "version": ">= 41.0.0-alpha.1, < 41.0.0-beta.8"}]}], "references": [{"url": "https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4", "name": "https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler() may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invoking the stored callback dereferences freed memory, which may lead to a crash or memory corruption. Apps that do not set a permission request handler, or whose handler responds synchronously, are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416: Use After Free"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-03T23:47:23.171Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34771", "state": "PUBLISHED", "dateUpdated": "2026-04-08T03:55:37.519Z", "dateReserved": "2026-03-30T19:54:55.555Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-03T23:47:23.171Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "9CE003A2-03CC-4355-AA17-2CBD204EC6C3", "versionEndExcluding": "38.8.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "642CA6B2-000A-480D-B062-80593D150787", "versionEndExcluding": "39.8.0", "versionStartIncluding": "39.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "E54036E0-1D1F-4265-A2F3-B9C1F88F65ED", "versionEndExcluding": "40.7.0", "versionStartIncluding": "40.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:41.0.0:alpha1:*:*:*:node.js:*:*", "matchCriteriaId": "A20225D6-F435-4D09-962D-B162F521B6AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:41.0.0:alpha2:*:*:*:node.js:*:*", "matchCriteriaId": "33712802-EB60-4E9A-83B8-9F2320B70CB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:41.0.0:alpha3:*:*:*:node.js:*:*", "matchCriteriaId": "9D0A9142-54FE-47BB-9FEB-5E97528E28FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:41.0.0:alpha4:*:*:*:node.js:*:*", "matchCriteriaId": "9E1D191F-DEAE-4DB3-9822-F31AF9FE3BAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:41.0.0:alpha5:*:*:*:node.js:*:*", "matchCriteriaId": "45A8192F-3D2C-4987-9BBE-7ECC3F71965D", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:41.0.0:alpha6:*:*:*:node.js:*:*", "matchCriteriaId": "EEA1A2E5-03DB-46CB-8427-7F31A8A7CE1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:41.0.0:beta1:*:*:*:node.js:*:*", "matchCriteriaId": "B2DFCE75-BD3F-4537-B5B8-14097E262EA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:41.0.0:beta2:*:*:*:node.js:*:*", "matchCriteriaId": "BC346E25-EA43-4615-8CDB-16D15D46E4FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:41.0.0:beta3:*:*:*:node.js:*:*", "matchCriteriaId": "FA5B3C00-CAFC-4995-BF35-9920F3039E77", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:41.0.0:beta4:*:*:*:node.js:*:*", "matchCriteriaId": "3672F3FB-6B5E-40FD-8A92-CB4DD6BC6A93", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:41.0.0:beta5:*:*:*:node.js:*:*", "matchCriteriaId": "9EE4F8AE-21D2-4815-85B7-B7ECCC0D5059", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:41.0.0:beta6:*:*:*:node.js:*:*", "matchCriteriaId": "D195760C-7DD9-4259-9042-EDE65AEAC1D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:41.0.0:beta7:*:*:*:node.js:*:*", "matchCriteriaId": "B370859F-24D3-4B25-B580-1A5B6DB94BFE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler() may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invoking the stored callback dereferences freed memory, which may lead to a crash or memory corruption. Apps that do not set a permission request handler, or whose handler responds synchronously, are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8."}], "id": "CVE-2026-34771", "lastModified": "2026-04-22T15:10:22.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-04T00:16:17.980", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "electron: Electron: Memory corruption or application crash via use-after-free in permission request handling", "id": "2454995", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454995"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-364", "details": ["Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler() may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invoking the stored callback dereferences freed memory, which may lead to a crash or memory corruption. Apps that do not set a permission request handler, or whose handler responds synchronously, are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8.", "A flaw was found in Electron, a framework for building desktop applications. This vulnerability, known as a use-after-free, occurs when an application registers an asynchronous permission request handler and a frame navigates or a window closes while the handler is pending. A remote attacker could exploit this by causing the application to attempt to access freed memory. This could lead to a crash of the application or memory corruption, potentially allowing for further unauthorized actions."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-34771", "package_state": [{"cpe": "cpe:/a:redhat:podman_desktop:1", "fix_state": "Affected", "package_name": "podman-desktop-macos-1-0", "product_name": "Red Hat Build of Podman Desktop"}, {"cpe": "cpe:/a:redhat:podman_desktop:1", "fix_state": "Affected", "package_name": "podman-desktop-windows-1-0", "product_name": "Red Hat Build of Podman Desktop"}, {"cpe": "cpe:/a:redhat:podman_desktop:0", "fix_state": "Affected", "package_name": "rhdesktop/rh-podman-desktop-ext-openshift-local-rhel10", "product_name": "Red Hat Build of Podman Desktop - Tech Preview"}], "public_date": "2026-04-03T23:47:23Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-34771\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-34771\nhttps://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,38.8.6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[39.0.0-alpha.1,39.8.0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[40.0.0-alpha.1,40.7.0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[41.0.0-alpha.1,41.0.0-beta.8)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "electron", "source": "cna", "vendor": "electron"}, "product": "electron", "vendor": "electron"}], "analysis": {"en": {"generated_at": "2026-04-07T02:13:21.984211+00:00", "value": {"mitigation_remediation": ["Update Electron to version 38.8.6, 39.8.0, 40.7.0, or 41.0.0\u2011beta.8 or later to receive the patch.", "Confirm that applications do not register asynchronous permission handlers for fullscreen, pointer\u2011lock, or keyboard\u2011lock requests; use synchronous handlers or remove the handler if updating immediately is not feasible.", "If the application must remain on an older Electron release, modify the permission request logic to prevent window navigations or closures while a callback is pending, or drop the callback before navigation or exit to avoid the use\u2011after\u2011free scenario."], "summary": {"action": "Patch promptly", "impact": "Memory corruption and crash"}, "threat_synthesis": {"affected_systems": "Electron framework releases older than 38.8.6, 39.8.0, 40.7.0, and 41.0.0\u2011beta.8 are affected when applications register an asynchronous permission handler for the three permissions. Applications that do not set such a handler or that respond synchronously are not impacted. Any desktop application built with the electron:electron framework that falls within these version ranges and uses async handlers is potentially vulnerable.", "description_and_impact": "A use\u2011after\u2011free issue exists in Electron\u2019s WebContents permission callbacks for fullscreen, pointer\u2011lock, and keyboard\u2011lock. When an application registers an asynchronous session.setPermissionRequestHandler(), the stored callback may be invoked after the requesting page navigates or the window closes, leading the framework to dereference freed memory. This can cause a crash or memory corruption. The vulnerability is tied to CWE\u2011364 (Read After Free) and CWE\u2011416 (Use After Free).", "risk_and_exploitability": "The CVSS base score of 7.5 indicates high severity, yet the EPSS score is below 1\u202f%, suggesting a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector requires an application to process permission requests asynchronously; by forcing a navigation or closing a window while a permission request is pending, the stored callback can be invoked on freed memory, leading to crash or corruption. No public exploits have been reported, and the impact is confined to memory corruption or application crash rather than remote code execution."}}}}, "created": "2026-04-06T21:21:39.338943+00:00", "updated": "2026-04-07T07:16:27.616433+00:00", "vendors": ["electron", "electron$PRODUCT$electron"]}