CVE Catalog

CVE-2026-5965

Critical
Published: Translated: NVD NIST

Summary

A new vulnerability in NewSoftOA allows unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.

Risk Assessment

Attackers can exploit this vulnerability to gain control over the server, posing a serious threat to the security of the organization's data and systems.

Recommendation

It is recommended to update NewSoftOA to the latest version and implement appropriate security measures to restrict access to the server.

Original NVD description (English source)

NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS