Loading
Generated remediation guidance and an executive summary. No account required.
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21.
Cite this page
CVE-2020-15096. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2020-15096
Use CWE-501, Electronjs vendor hub and Electron product page to widen CVE-2020-15096 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-34780, CVE-2026-34774 and CVE-2026-34771 for nearby disclosures in the same product family.