Vulnerability DatabaseCVE-2026-34781
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-34781
Published:April 07, 2026
Updated:April 25, 2026
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that call clipboard.readImage() may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decode, the resulting null bitmap is passed unchecked to image construction, triggering a controlled abort and crashing the process. Apps are only affected if they call clipboard.readImage(). Apps that do not read images from the clipboard are not affected. This issue does not allow memory corruption or code execution. This vulnerability is fixed in 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5.
Affected Packages
https://github.com/electron/electron.git (GITHUB):
Affected version(s) >=v40.0.0-alpha.1 <v40.8.5
Fix Suggestion:
Update to version v40.8.5
https://github.com/electron/electron.git (GITHUB):
Affected version(s) >=v0.1.0 <v39.8.5
Fix Suggestion:
Update to version v39.8.5
https://github.com/electron/electron.git (GITHUB):
Affected version(s) >=v41.0.0-alpha.1 <v41.1.0
Fix Suggestion:
Update to version v41.1.0
https://github.com/electron/electron.git (GITHUB):
Affected version(s) >=v42.0.0-alpha.1 <v42.0.0-alpha.5
Fix Suggestion:
Update to version v42.0.0-alpha.5
electron (NPM):
Affected version(s) >=42.0.0-alpha.1 <42.0.0-alpha.5
Fix Suggestion:
Update to version 42.0.0-alpha.5
electron (NPM):
Affected version(s) >=41.0.0-alpha.1 <41.1.0
Fix Suggestion:
Update to version 41.1.0
electron (NPM):
Affected version(s) >=0.1.0 <39.8.5
Fix Suggestion:
Update to version 39.8.5
electron (NPM):
Affected version(s) >=40.0.0-alpha.2 <40.8.5
Fix Suggestion:
Update to version 40.8.5
Related Resources (9)
https://github.com/electron/electron/releases/tag/v40.8.5
https://nvd.nist.gov/vuln/detail/CVE-2026-34781
https://github.com/electron/electron/pull/50475
https://github.com/electron/electron/releases/tag/v41.1.0
https://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64
https://github.com/electron/electron/releases/tag/v39.8.5
https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5
https://github.com/electron/electron/commit/a48f03fb8d03933547281ddb2dbb6c6b9e705287
https://github.com/electron/electron
Do you need more information?
Contact Us
CVSS v4
Base Score:
2.4
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
2.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW
Weakness Type (CWE)
NULL Pointer Dereference
CWE-476
EPSS
Base Score:
0.01