Buffer Overflow Vulnerability in Electron Framework by GitHub
CVE-2026-54257

9.3 CRITICAL

Key Information:

Vendor

Electron

Status
Vendor
CVE Published: 23 June 2026

What is CVE-2026-54257?

The Electron framework, commonly used for developing cross-platform desktop applications, has a vulnerability that affects versions from 42.3.1 up to, but not including, 42.3.3. The issue arises from incorrect byte length calculations in the Buffer component, which can lead to heap buffer underflows and overflows. As a result, applications built on this framework may crash or perform erroneous buffer allocations within the Node.js Buffer API, causing unexpected behavior such as data truncation or improper memory handling. The vulnerability has been addressed in version 42.3.3.

Affected Version(s)

electron >= 42.3.1, < 42.3.3

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
