Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.0
Electron Apps Crash or Malfunction on Windows or macOS
GHSA-jjp3-mq3x-295m
CVE-2026-34770
Summary
Some Electron-based apps may crash or malfunction when using power-saving features on Windows or macOS. This is due to a software bug that affects apps that use power-saving alerts. To fix the issue, update your Electron version to a patched version.
What to do
- Update electron to version 38.8.6.
- Update electron to version 39.8.1.
- Update electron to version 40.8.0.
- Update electron to version 41.0.0-beta.8.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | electron | <= 38.8.6 | 38.8.6 |
| – | electron | > 39.0.0-alpha.1 , <= 39.8.1 | 39.8.1 |
| – | electron | > 40.0.0-alpha.1 , <= 40.8.0 | 40.8.0 |
| – | electron | > 41.0.0-alpha.1 , <= 41.0.0-beta.8 | 41.0.0-beta.8 |
Original title
Electron: Use-after-free in PowerMonitor on Windows and macOS
Original description
### Impact
Apps that use the `powerMonitor` module may be vulnerable to a use-after-free. After the native `PowerMonitor` object is garbage-collected, the associated OS-level resources (a message window on Windows, a shutdown handler on macOS) retain dangling references. A subsequent session-change event (Windows) or system shutdown (macOS) dereferences freed memory, which may lead to a crash or memory corruption.
All apps that access `powerMonitor` events (`suspend`, `resume`, `lock-screen`, etc.) are potentially affected. The issue is not directly renderer-controllable.
### Workarounds
There are no app side workarounds, you must update to a patched version of Electron.
### Fixed Versions
* `41.0.0-beta.8`
* `40.8.0`
* `39.8.1`
* `38.8.6`
### For more information
If there are any questions or comments about this advisory, please email [[email protected]](mailto:[email protected])
Apps that use the `powerMonitor` module may be vulnerable to a use-after-free. After the native `PowerMonitor` object is garbage-collected, the associated OS-level resources (a message window on Windows, a shutdown handler on macOS) retain dangling references. A subsequent session-change event (Windows) or system shutdown (macOS) dereferences freed memory, which may lead to a crash or memory corruption.
All apps that access `powerMonitor` events (`suspend`, `resume`, `lock-screen`, etc.) are potentially affected. The issue is not directly renderer-controllable.
### Workarounds
There are no app side workarounds, you must update to a patched version of Electron.
### Fixed Versions
* `41.0.0-beta.8`
* `40.8.0`
* `39.8.1`
* `38.8.6`
### For more information
If there are any questions or comments about this advisory, please email [[email protected]](mailto:[email protected])
ghsa CVSS3.1
7.0
Vulnerability type
CWE-416
Use After Free
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026