CVE-2026-5965

CRITICAL WAF: High

CVSS 9.8 Published: 2026-04-21

CWE-78

NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.

WAF Coverage Analysis

OS Command Injection High WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution

References

www.twcert.org.tw
www.twcert.org.tw

Back to CVE Database