Node Integration Misconfiguration in Electron Framework Affects Cross-Platform Applications
CVE-2026-34775
6.8 MEDIUM
What is CVE-2026-34775?
The Electron framework, used to build cross-platform desktop applications with web technologies, has a vulnerability related to the misconfiguration of the nodeIntegrationInWorker webPreference. Workers spawned in environments with nodeIntegrationInWorker set to false can inadvertently gain access to Node.js integration, compromising application security. Applications that do not use nodeIntegrationInWorker are unaffected; those that enable it should upgrade to a patched version (38.8.6, 39.8.4, 40.8.4, or 41.0.0) to mitigate the risk.
Affected Version(s)
electron < 38.8.6
electron >= 39.0.0-alpha.1, < 39.8.4
electron >= 40.0.0-alpha.1, < 40.8.4
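
A triage check built from the affected ranges listed above, as an added example that is not part of the advisory or the Electron project. It takes the exact installed Electron version plus application source text and flags an upgrade only when the version falls in a listed range and the source sets nodeIntegrationInWorker to true; the function names and the source-text regex heuristic are assumptions of this example.

```javascript
// Added example. Affected ranges are copied from the advisory text above.
const AFFECTED = [
  { min: null, max: "38.8.6" },
  { min: "39.0.0-alpha.1", max: "39.8.4" },
  { min: "40.0.0-alpha.1", max: "40.8.4" },
];

function parse(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(v.trim());
  if (!m) throw new Error(`not an exact semver version: ${v}`);
  return { nums: [+m[1], +m[2], +m[3]], pre: m[4] ? m[4].split(".") : [] };
}

// Semver precedence: -1, 0 or 1. A release sorts after its own pre-releases.
function compare(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) {
    if (x.nums[i] !== y.nums[i]) return x.nums[i] < y.nums[i] ? -1 : 1;
  }
  if (!x.pre.length || !y.pre.length) return Math.sign(y.pre.length - x.pre.length);
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    const p = x.pre[i], q = y.pre[i];
    // Fewer pre-release identifiers sorts first when all earlier ones match.
    if (p === undefined || q === undefined) return p === undefined ? -1 : 1;
    if (p === q) continue;
    const pn = /^\d+$/.test(p), qn = /^\d+$/.test(q);
    if (pn && qn) return +p < +q ? -1 : 1; // numeric identifiers compare as numbers
    if (pn !== qn) return pn ? -1 : 1;     // numeric sorts before alphanumeric
    return p < q ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  return AFFECTED.some(r =>
    (r.min === null || compare(version, r.min) >= 0) && compare(version, r.max) < 0);
}

// Heuristic (assumption): the option appears as a literal `: true` in source text.
function enablesWorkerNodeIntegration(source) {
  return /nodeIntegrationInWorker["']?\s*:\s*true\b/.test(source);
}
function assess(version, sources) {
  const versionAffected = isAffected(version);
  const enablesOption = sources.some(enablesWorkerNodeIntegration);
  return { versionAffected, enablesOption, upgradeNeeded: versionAffected && enablesOption };
}

// Constructed sample input.
console.log(assess("39.8.3", ["webPreferences: { nodeIntegrationInWorker: true }"]));
```

The version argument must be the resolved version from the lockfile or the installed package, not a range such as `^39.0.0`.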
