Loading
Generated remediation guidance and an executive summary. No account required.
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.
Cite this page
CVE-2020-4076. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2020-4076
Use CWE-501, Electronjs vendor hub and Electron product page to widen CVE-2020-4076 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-34780, CVE-2026-34774 and CVE-2026-34771 for nearby disclosures in the same product family.