CVE-2023-44402

Name: CVE-2023-44402
Creator: NVD / NIST
Published: 2023-12-01T22:15:09.97+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7/10EPSS 0.21%

Last modified Jun 17, 2026

CVE-2023-44402 is a high-severity vulnerability rated 7/10 on the CVSS scale. Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. EPSS estimates a 0.21% chance of exploitation in the next 30 days.

Description

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron.

Metrics

CVSS 3.1

7/10

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

0.21%

10.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-345

Affected Software

Vendor	Product	Versions	Update
Electronjs	Electron	<= 22.3.24	—
Electronjs	Electron	>= 23.0.0, <= 23.3.14	—
Electronjs	Electron	>= 24.0.0, <= 24.8.3	—
Electronjs	Electron	>= 25.0.0, <= 25.8.1	—
Electronjs	Electron	>= 26.0.0, <= 26.2.1	—
Electronjs	Electron	27.0.0	Alpha1

References

https://github.com/electron/electron/pull/39788Issue Tracking
https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85Vendor Advisory
https://www.electronjs.org/docs/latest/tutorial/fusesProduct
https://github.com/electron/electron/pull/39788Issue Tracking
https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85Vendor Advisory
https://www.electronjs.org/docs/latest/tutorial/fusesProduct

Timeline

Published: Dec 1, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-44402?

How severe is CVE-2023-44402?

CVE-2023-44402 has a CVSS score of 7/10 (HIGH severity). The EPSS model estimates a 0.21% probability of exploitation in the next 30 days.

How do I fix CVE-2023-44402?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-44402?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST