CVE-2026-5016

Source
https://cve.org/CVERecord?id=CVE-2026-5016
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5016.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-5016
Published
2026-03-28T21:45:11.240Z
Modified
2026-07-15T01:49:13.914357563Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
elecV2 elecV2P URL mock eAxios server-side request forgery
Details

A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the component URL Handler. Such manipulation of the argument req leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Database specific
{
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-918"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5016.json"
}
References

Affected packages

Git / github.com/elecv2/elecv2p

Affected ranges

Type
GIT
Repo
https://github.com/elecv2/elecv2p
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "3.8.0"
        },
        {
            "last_affected": "3.8.0"
        },
        {
            "introduced": "3.8.1"
        },
        {
            "last_affected": "3.8.1"
        },
        {
            "introduced": "3.8.2"
        },
        {
            "last_affected": "3.8.2"
        },
        {
            "introduced": "3.8.3"
        },
        {
            "last_affected": "3.8.3"
        }
    ]
}

Affected versions

3.*
3.8.0
3.8.1
3.8.2
3.8.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5016.json"