Skip to main content

Elecv2P EUVD-2026-16951

| CVE-2026-5016 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-03-28 VulDB
SSRF Elecv2P
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

5
CVSS changed
Apr 29, 2026 - 01:11 NVD
6.9 (MEDIUM) 5.5 (MEDIUM)
PoC Detected
Mar 30, 2026 - 13:26 vuln.today
Public exploit code
EUVD ID Assigned
Mar 28, 2026 - 22:00 euvd
EUVD-2026-16951
Analysis Generated
Mar 28, 2026 - 22:00 vuln.today
CVE Published
Mar 28, 2026 - 21:45 nvd
MEDIUM 6.9

DescriptionCVE.org

A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the component URL Handler. Such manipulation of the argument req leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Server-Side Request Forgery (SSRF) in elecV2P versions up to 3.8.3 allows unauthenticated remote attackers to manipulate internal or external HTTP requests via the eAxios function in the /mock URL handler. The vulnerability enables unauthorized access to internal resources, data exfiltration from confidential endpoints, and potential lateral movement within internal networks. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment Real-world risk is elevated despite the moderate 7.3 CVSS score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated external attacker identifies an internet-facing elecV2P instance running version 3.8.3 or earlier. Using the publicly available proof-of-concept from GitHub issue #202, the attacker crafts HTTP requests to the /mock endpoint with malicious URL parameters targeting internal infrastructure. …
Remediation No vendor-released patch identified at time of analysis as the project maintainer has not responded to the early disclosure reported via GitHub issue #202. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Audit all systems running elecV2P and document current versions; disable or restrict network access to elecV2P instances via firewall rules or network segmentation. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-16951 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy