Which versions of Elecv2P are affected by CVE-2026-5014?

Organizations using elecV2 elecV2P should be aware of moderate risk from CVE-2026-5014, a path traversal vulnerability rated CVSS 5.5. This could allow unauthorized file access.

Is there a public PoC exploit available for CVE-2026-5014?

Yes, a public proof-of-concept exploit is available for CVE-2026-5014. Prioritise patching immediately. EPSS: 0.0%.

Elecv2P CVE-2026-5014

Q: What is the CVSS score of CVE-2026-5014?

CVE-2026-5014 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-16947 MEDIUM

Path Traversal (CWE-22)

2026-03-28 VulDB

Path Traversal Elecv2P

5.5

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Mar 30, 2026 - 13:26 vuln.today

Public exploit code

EUVD ID Assigned

Mar 28, 2026 - 21:15 euvd

EUVD-2026-16947

Analysis Generated

Mar 28, 2026 - 21:15 vuln.today

CVE Published

Mar 28, 2026 - 21:00 nvd

MEDIUM 5.5

DescriptionCVE.org

A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.join of the file /log/ of the component Wildcard Handler. The manipulation results in path traversal. The attack may be performed from remote. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Path traversal in elecV2P's wildcard handler allows unauthenticated remote attackers to read files outside intended directories via improper path validation in the /log/ endpoint, affecting versions up to 3.8.3. The vulnerability has a publicly available proof of concept and a CVSS score of 5.5 reflecting limited confidentiality impact. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	This vulnerability presents moderate real-world risk despite a moderate CVSS score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker discovers an elecV2P instance accessible on the network and uses the publicly available proof of concept to craft requests to the /log/ endpoint with path traversal sequences (e.g., ../../etc/passwd or similar relative paths). Since the attack is unauthenticated and requires only network access, the attacker can iteratively request different file paths to enumerate and read sensitive configuration files, application source code, credentials, or other data stored on the system. …
Remediation	Users should upgrade elecV2P to a version newer than 3.8.3 once available. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems running elecV2 elecV2P and apply vendor patches as part of regular patch cycle. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-5014 vulnerability details – vuln.today

Back