EUVD-2026-16951
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Tags
Description
A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the component URL Handler. Such manipulation of the argument req leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
Analysis
Server-Side Request Forgery (SSRF) in elecV2P versions up to 3.8.3 allows unauthenticated remote attackers to manipulate internal or external HTTP requests via the eAxios function in the /mock URL handler. The vulnerability enables unauthorized access to internal resources, data exfiltration from confidential endpoints, and potential lateral movement within internal networks. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Audit all systems running elecV2P and document current versions; disable or restrict network access to elecV2P instances via firewall rules or network segmentation. Within 7 days: Upgrade to elecV2P version 3.8.4 or later if available, or evaluate alternative solutions; if upgrade impossible, implement Web Application Firewall rules to block suspicious /mock URL handler requests. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today