{
  "threat_severity" : "Moderate",
  "public_date" : "2026-04-03T23:55:20Z",
  "bugzilla" : {
    "description" : "Electron: Electron: Arbitrary code execution and information disclosure due to incorrect Node.js integration scoping",
    "id" : "2455023",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2455023"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-266",
  "details" : [ "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable nodeIntegrationInWorker. Apps that do not use nodeIntegrationInWorker are not affected. This issue has been patched in versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0.", "A flaw was found in Electron, a framework for building desktop applications. In specific scenarios where applications enable Node.js integration, a misconfiguration could allow workers, which are background scripts, to gain Node.js capabilities even when explicitly disabled. This could enable a remote attacker to execute arbitrary code or access sensitive information within the application. Apps are only affected if they enable nodeIntegrationInWorker. Apps that do not use nodeIntegrationInWorker are not affected." ],
  "package_state" : [ {
    "product_name" : "Red Hat Build of Podman Desktop",
    "fix_state" : "Fix deferred",
    "package_name" : "podman-desktop-macos-1-0",
    "cpe" : "cpe:/a:redhat:podman_desktop:1"
  }, {
    "product_name" : "Red Hat Build of Podman Desktop",
    "fix_state" : "Fix deferred",
    "package_name" : "podman-desktop-windows-1-0",
    "cpe" : "cpe:/a:redhat:podman_desktop:1"
  }, {
    "product_name" : "Red Hat Build of Podman Desktop - Tech Preview",
    "fix_state" : "Fix deferred",
    "package_name" : "rhdesktop/rh-podman-desktop-ext-openshift-local-rhel10",
    "cpe" : "cpe:/a:redhat:podman_desktop:0"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-34775\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-34775\nhttps://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr" ],
  "name" : "CVE-2026-34775",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}