CVE-2026-43940 | electerm up to 3.7.15 ftp runWidget path traversal

A vulnerability categorized as critical has been discovered in electerm up to 3.7.15. The impacted element is the function runWidget of the file terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp. Such manipulation leads to path traversal.

This vulnerability is documented as CVE-2026-43940. The attack needs to be performed locally. There is not any exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More