EUVD-2026-16943
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Tags
Description
A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue affects the function pm2run of the file /rpc. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Analysis
Operating system command injection in elecV2P up to version 3.8.3 allows unauthenticated remote attackers to execute arbitrary commands through the pm2run function in the /rpc endpoint. The vulnerability has a CVSS score of 6.9 with publicly available exploit code, though the vendor has not yet responded to early notification of the issue. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems running elecV2 elecV2P and apply vendor patches as part of regular patch cycle. Validate input sanitization for user-controlled parameters.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today