← back
CVE-2026-5965

NewSoft|NewSoftOA - OS Command Injection

CVSS 9.3 CRITICALEPSS 1.7%CWE-78
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.3EPSS 1.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
21 Apr 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
NewSoft · NewSoftOA