13 matches found
CVE-2026-34766
A flaw was found in Electron. An attacker could influence an application's handler for the select-usb-device event to select a USB device ID outside of the filtered list. This could grant access to a USB device that was not intended by the application's security filters, potentially leading to...
CVE-2026-34766 Electron: USB device selection not validated against filtered device list
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, the select-usb-device event callback did not validate the chosen device ID against the filtered list that was presented to the...
CVE-2026-34766
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, the select-usb-device event callback did not validate the chosen device ID against the filtered list that was presented to the...
CVE-2026-34766 Electron: USB device selection not validated against filtered device list
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, the select-usb-device event callback did not validate the chosen device ID against the filtered list that was presented to the...
EUVD-2026-18931
Electron: USB device selection not validated against filtered device list...
GHSA-9899-M83M-QHPJ Electron: USB device selection not validated against filtered device list
Impact: The select-usb-device event callback did not validate the chosen device ID against the filtered list that was presented to the handler. An app whose handler could be influenced to select a device ID outside the filtered set would grant access to a device that did not match the renderer's...
Electron: USB device selection not validated against filtered device list
Impact: The select-usb-device event callback did not validate the chosen device ID against the filtered list that was presented to the handler. An app whose handler could be influenced to select a device ID outside the filtered set would grant access to a device that did not match the renderer's...
Missing Authorization
Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Missing Authorization in the select-usb-device event callback, which did not validate the chosen device ID...
CVE-2022-33723
A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack...
CVE-2022-33723
A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack...
PT-2022-21844 · Unknown · Secdevicepickerdialog
Name of the Vulnerable Software and Affected Versions: SecDevicePickerDialog versions prior to SMR Aug-2022 Release 1. Description: A vulnerable code in the onCreate method of SecDevicePickerDialog allows attackers to trick the user into selecting an unwanted Bluetooth device via tapjacking or...
CVE-2021-0586
In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
Password protection bypass in Intel D845 motherboards
Password is not required to select boot device...