Use-After-Free Vulnerability in Electron Framework Impacting JavaScript Applications
CVE-2026-34770

7HIGH

Key Information:

Vendor

Electron

Status
Electron
Vendor
CVE Published:
3 April 2026

What is CVE-2026-34770?

The Electron framework, widely used to develop cross-platform desktop applications, is vulnerable to a use-after-free flaw related to the powerMonitor module. When the native PowerMonitor object is garbage collected, the lingering OS-level resources—such as a message window on Windows and a shutdown handler on macOS—can lead to maintain dangling references. If a session-change event occurs on Windows or a system shutdown is initiated on macOS, this inappropriate memory dereferencing may result in application crashes or memory corruption. All applications utilizing powerMonitor events, including suspend, resume, and lock-screen, are potentially exposed to this vulnerability, which has been addressed in recent updates.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

electron < 38.8.6 < 38.8.6

electron >= 39.0.0-alpha.1, < 39.8.1 < 39.0.0-alpha.1, 39.8.1

electron >= 40.0.0-alpha.1, < 40.8.0 < 40.0.0-alpha.1, 40.8.0

References

https://github.com/electron/electron/security/advisories/...
x_refsource_CONFIRM

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.