CVE-2026-5011

elecV2 elecV2P JSON webhook runJSFile code injection

CVSS 5.3 MEDIUMEPSS 0.2%CWE-74 CWE-94

A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

elecV2 · elecV2P

PoCs públicas encontradas — 1

cve_referencegithub.com/elecV2/elecV2P/issues/195no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/elecV2/elecV2P/https://github.com/elecV2/elecV2P/issues/195 https://vuldb.com/submit/779173 https://vuldb.com/vuln/353896 https://vuldb.com/vuln/353896/cti