Denial of Service in Electron Framework Affecting Desktop Applications
CVE-2026-34781

2.8 LOW

Key Information:

Vendor: Electron

Status
Vendor
CVE Published: 7 April 2026

What is CVE-2026-34781?

Electron, a framework widely used to build cross-platform desktop applications, has a denial-of-service vulnerability in versions prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5. An application that calls clipboard.readImage() can crash when the clipboard contains image data that fails to decode: the failed decode yields a null bitmap, which is passed unchecked to image construction and triggers a controlled abort. Only applications that call clipboard.readImage() are exposed; applications that do not read images from the clipboard are unaffected. The issue is fixed in the versions listed above.

Affected Version(s)

electron < 39.8.5

electron >= 40.0.0-alpha.1, < 40.8.5

electron >= 41.0.0-alpha.1, < 41.1.0

CVSS V3.1

Score: 2.8
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
