PT-2026-28730 · Elecv2 · Elecv2
Zast.Ai · Published 2026-03-28 · Updated 2026-03-29 · CVE-2026-5016
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
elecV2 elecV2P versions through 3.8.3
Description
A server-side request forgery condition exists due to manipulation of the req argument within the eAxios function located in the /mock file of the URL Handler component. This allows for remote attacks. The project was notified of the issue but has not yet responded. The exploit is publicly available.
Recommendations
Versions prior to 3.8.4 should be updated.
Consider temporarily disabling the eAxios function until a patch is available.
Restrict access to the /mock file to minimize the risk of exploitation.
Exploit
Fix
SSRF
Affected Products
Elecv2