CVE-2026-5013

Name of the Vulnerable Software and Affected Versions elecV2 versions up to 3.8.3

Description A flaw exists in the function path.join within the file /store/:key. Manipulation of the URL argument can lead to path traversal, allowing for remote exploitation. The exploit has been publicly disclosed. The project was notified of the issue but has not yet responded.

Recommendations Versions prior to 3.8.4 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.