CVE-2026-3955

Name of the Vulnerable Software and Affected Versions elecV2P versions through 3.8.3

Description A security issue exists in elecV2P that allows for code injection. The runJSFile function within the wbjs.js file, part of the jsfile Endpoint component, is susceptible to manipulation. This manipulation can lead to remote code execution. The exploit for this issue has been publicly disclosed. The project maintainers were notified of the problem but have not yet responded.

Recommendations Versions through 3.8.3 should be updated when a fix becomes available. As a temporary workaround, consider disabling the runJSFile() function until a patch is available.