CVE-2026-5012

HIGH

elecV2 elecV2P rpc pm2run os command injection

Title source: cna

Description

A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue affects the function pm2run of the file /rpc. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/353897

[Signature, Permissions Required] https://vuldb.com/vuln/353897/cti

[Third Party Advisory] https://vuldb.com/submit/779174

[Exploit] https://github.com/elecV2/elecV2P/issues/196

[Product] https://github.com/elecV2/elecV2P/

Scores

CVSS v3 7.3

EPSS 0.0218

EPSS Percentile 84.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-77 CWE-78

Status published

Products (4)

elecV2/elecV2P 3.8.0

elecV2/elecV2P 3.8.1

elecV2/elecV2P 3.8.2

elecV2/elecV2P 3.8.3

Published Mar 28, 2026

Tracked Since Mar 29, 2026