CVE-2026-34769

A flaw was found in Electron, a framework for building desktop applications. This vulnerability arises from an undocumented commandLineSwitches webPreference that allows arbitrary command-line switches to be appended to the renderer process. A remote attacker could exploit this by providing...

CVE-2026-34769 Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Ap...

EUVD-2026-18937

Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference...

Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference

Impact An undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Apps that construct webPreferences by spreading untrusted configuration objects may inadvertently allow an attacker to inject switches that disable renderer...