Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-34774— Electron: Use-after-free in offscreen child window paint callback

CVSS 8.1 · High EPSS 0.02% · P5
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-34774

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Electron: Use-after-free in offscreen child window paint callback
Source: NVD (National Vulnerability Database)
Vulnerability Description
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open() may be vulnerable to a use-after-free. If the parent offscreen WebContents is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or memory corruption. Apps are only affected if they use offscreen rendering (webPreferences.offscreen: true) and their setWindowOpenHandler permits child windows. Apps that do not use offscreen rendering, or that deny child windows, are not affected. This issue has been patched in versions 39.8.1, 40.7.0, and 41.0.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
释放后使用
Source: NVD (National Vulnerability Database)
Vulnerability Title
Electron 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Electron是Electron开源的一个用户编写跨平台桌面应用的 JavaScript 框架。该框架基于 nodejs 和 Chromium 可以使用HTML,CSS实现跨平台桌面应用的编写。 Electron 39.8.1之前版本、40.7.0之前版本和41.0.0之前版本存在资源管理错误漏洞,该漏洞源于使用离屏渲染并允许通过window.open创建子窗口时存在释放后重用问题,可能导致崩溃或内存损坏。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
electronelectron < 39.8.1 -

II. Public POCs for CVE-2026-34774

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-34774

登录查看更多情报信息。

Same Patch Batch · electron · 2026-04-03 · 13 CVEs total

CVE-2026-347697.8 HIGHElectron: Renderer command-line switch injection via undocumented commandLineSwitches webP
CVE-2026-347717.5 HIGHElectron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permis
CVE-2026-347707.0 HIGHElectron: Use-after-free in PowerMonitor on Windows and macOS
CVE-2026-347756.8 MEDIUMElectron: nodeIntegrationInWorker not correctly scoped in shared renderer processes
CVE-2026-347675.9 MEDIUMElectron: HTTP Response Header Injection in custom protocol handlers and webRequest
CVE-2026-347785.9 MEDIUMElectron: Service worker can spoof executeJavaScript IPC replies
CVE-2026-347725.8 MEDIUMElectron: Use-after-free in download save dialog callback
CVE-2026-347775.4 MEDIUMElectron: Incorrect origin passed to permission request handler for iframe requests
CVE-2026-347765.3 MEDIUMElectron: Out-of-bounds read in second-instance IPC on macOS and Linux
CVE-2026-347734.7 MEDIUMElectron: Registry key path injection in app.setAsDefaultProtocolClient on Windows
CVE-2026-347683.9 LOWElectron: Unquoted executable path in app.setLoginItemSettings on Windows
CVE-2026-347663.3 LOWElectron: USB device selection not validated against filtered device list

IV. Related Vulnerabilities

Same product: electron
Same vendor: electron
Same weakness: CWE-416

V. Comments for CVE-2026-34774

No comments yet

Leave a comment