PT-2026-28728 · Elecv2 · Elecv2

Zast.Ai

Publicado

2026-03-28

Atualizado

2026-03-29

CVE-2026-5014

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions elecV2 versions prior to 3.8.4

Description A path traversal issue exists due to the manipulation of the path.join function within the /log/ file of the Wildcard Handler component. This allows for remote exploitation. The project was notified of the issue but has not yet responded. The exploit has been publicly disclosed.

Recommendations Update to version 3.8.4 or later. As a temporary workaround, restrict access to the /log/ file. Consider disabling the Wildcard Handler component until a patch is available.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2026-5014

Produtos afetados

Elecv2

PT-2026-28728 · Elecv2 · Elecv2

CVE-2026-5014

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7