Critical Command Injection in NewSoftOA: Unauthenticated RCE Risk

/CRITICAL /CVSS 9.8/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvecriticalhigh-severitycommand-injectioncwe-78
Critical Command Injection in NewSoftOA: Unauthenticated RCE Risk

The National Vulnerability Database has issued an advisory for CVE-2026-5965, a critical OS Command Injection vulnerability found in NewSoftOA, developed by NewSoft. This flaw allows unauthenticated local attackers to inject and execute arbitrary OS commands on the server. With a CVSS score of 9.8 (CRITICAL), this vulnerability represents a severe risk.

The impact is absolute: unauthenticated attackers can achieve full compromise. This isn’t theoretical; it’s a direct path to remote code execution. Attackers will leverage this to establish persistence, pivot into the network, and exfiltrate data. The low attack complexity and lack of authentication make it an immediate target for opportunistic scanning and exploitation.

Defenders using NewSoftOA must prioritize patching or mitigation immediately. The threat actor’s calculus is simple here: find exposed instances, run a basic command injection, and you own the box. This is precisely the kind of vulnerability that moves from disclosure to active exploitation in days, not weeks.

What This Means For You

  • If your organization uses NewSoftOA, you are exposed to unauthenticated remote code execution. You need to identify all instances of NewSoftOA on your network immediately. Prioritize patching or apply vendor-recommended mitigations without delay. Audit server logs for any suspicious command execution attempts, especially if the product is internet-facing.

Related ATT&CK Techniques

T1059.004 Command and Scripting Interpreter: Unix Shell Execution T1190 Exploit Public-Facing Application Initial Access

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

CVE-2026-5965 NewSoftOA Unauthenticated Command Injection

Sigma YAML — free preview
✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Export via Bot →

Indicators of Compromise

IDTypeIndicator
CVE-2026-5965 Command Injection NewSoftOA developed by NewSoft
CVE-2026-5965 Command Injection OS Command Injection vulnerability
CVE-2026-5965 Command Injection unauthenticated local attackers

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 21, 2026 at 07:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related Posts

CVE-2026-6675 — The Responsive Blocks – Page Builder for Blocks & Patterns

CVE-2026-6675 — The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions...

vulnerabilityCVEmedium-severitycwe-20
/SCW Vulnerability Desk /MEDIUM /5.3 /⚑ 2 IOCs /⚙ 2 Sigma

CVE-2026-6674 — SQL Injection

CVE-2026-6674 — The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in all versions up to,...

vulnerabilityCVEmedium-severitysql-injectioncwe-89
/SCW Vulnerability Desk /MEDIUM /6.5 /⚑ 2 IOCs /⚙ 3 Sigma

FreeScout CSS Injection Allows Privilege Escalation

CVE-2026-40497 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's `Helper::stripDangerousTags()` removes ``, ``, ``, `` but does...

vulnerabilityCVEhigh-severitycross-site-scripting-xsscwe-79
/SCW Vulnerability Desk /HIGH /8.1 /⚑ 4 IOCs /⚙ 3 Sigma