CVE-2026-5013: Path Traversal in elecV2 elecV2P
A vulnerability has been found in elecV2 elecV2P up to 3.8.3. Impacted is the function path.join of the file /store/:key. The manipulation of the argument URL leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AI Analysis
Technical Summary
This vulnerability in elecV2 elecV2P (up to version 3.8.3) involves improper handling of the URL argument in the /store/:key route, specifically in the path.join function, which leads to a path traversal condition. This allows an unauthenticated remote attacker to potentially access files outside the intended directory structure. The vulnerability has been publicly disclosed, but no official fix or patch has been released by the vendor as of the publication date.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server by traversing directories via crafted URL input. This could lead to unauthorized disclosure of sensitive information. However, there is no indication of privilege escalation, code execution, or other impacts beyond information disclosure. No known active exploitation has been reported.
Mitigation Recommendations
As of the current information, no official patch or fix has been released by the vendor. Users of elecV2 elecV2P versions up to 3.8.3 should consider restricting access to the affected endpoint or implementing input validation to prevent path traversal attempts. Monitor the vendor's channels for updates and apply any forthcoming patches promptly. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
CVE-2026-5013: Path Traversal in elecV2 elecV2P
Description
A vulnerability has been found in elecV2 elecV2P up to 3.8.3. Impacted is the function path.join of the file /store/:key. The manipulation of the argument URL leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in elecV2 elecV2P (up to version 3.8.3) involves improper handling of the URL argument in the /store/:key route, specifically in the path.join function, which leads to a path traversal condition. This allows an unauthenticated remote attacker to potentially access files outside the intended directory structure. The vulnerability has been publicly disclosed, but no official fix or patch has been released by the vendor as of the publication date.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server by traversing directories via crafted URL input. This could lead to unauthorized disclosure of sensitive information. However, there is no indication of privilege escalation, code execution, or other impacts beyond information disclosure. No known active exploitation has been reported.
Mitigation Recommendations
As of the current information, no official patch or fix has been released by the vendor. Users of elecV2 elecV2P versions up to 3.8.3 should consider restricting access to the affected endpoint or implementing input validation to prevent path traversal attempts. Monitor the vendor's channels for updates and apply any forthcoming patches promptly. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-03-27T14:11:38.349Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69c83c4f919ccadcdf051ab2
Added to database: 3/28/2026, 8:38:39 PM
Last enriched: 4/5/2026, 10:49:48 AM
Last updated: 5/12/2026, 11:52:21 AM
Views: 88
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.