CVE-2026-5965
NewSoft|NewSoftOA - OS Command Injection
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.3EPSS 1.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
21 Apr 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
NewSoft · NewSoftOA