CVE-2026-5965

CRITICAL NVD

CVSS Score 9.8

Severity CRITICAL

Published Apr 21, 2026

Vendor unknown

Description

NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.

References

https://www.twcert.org.tw/en/cp-139-10857-c46f7-2.html
https://www.twcert.org.tw/tw/cp-132-10856-4979f-1.html