CVE-2026-5011

elecV2 elecV2P JSON webhook runJSFile code injection

CVSS 5.3 MEDIUMEPSS 0.2%CWE-74 CWE-94

A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Produtos afetados

elecV2 · elecV2P

PoCs públicas encontradas — 1

cve_referencegithub.com/elecV2/elecV2P/issues/195não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/elecV2/elecV2P/https://github.com/elecV2/elecV2P/issues/195 https://vuldb.com/submit/779173 https://vuldb.com/vuln/353896 https://vuldb.com/vuln/353896/cti