Platform
php
Component
newsoft-oa
Fixed version
10.1.8.3
CVE-2026-5965 describes a critical Command Injection vulnerability discovered in NewSoftOA, a document management system. This flaw allows unauthenticated local attackers to execute arbitrary operating system commands on the server, potentially leading to complete system takeover. The vulnerability affects versions from 0.0.0 through 10.1.8.3, and a patch is available in version 10.1.8.3.
The impact of this Command Injection vulnerability is severe. An attacker with local access to the NewSoftOA server can leverage this flaw to execute arbitrary commands with the privileges of the web server user. This could allow them to read sensitive data, modify system files, install malware, or even gain persistent access to the system. The ability to execute arbitrary commands effectively grants the attacker complete control over the affected server. Given the document management nature of NewSoftOA, data at risk includes sensitive documents, user credentials, and potentially financial information. Lateral movement within the network is also possible if the server has access to other systems.
CVE-2026-5965 was publicly disclosed on 2026-04-21. The vulnerability's ease of exploitation, combined with the critical CVSS score of 9.8, suggests a high probability of exploitation. No public proof-of-concept (PoC) code has been released as of this writing, but the nature of Command Injection vulnerabilities makes it likely that one will emerge. It is not currently listed on the CISA KEV catalog.
Organizations using NewSoftOA for document management, particularly those with limited security controls or legacy configurations, are at significant risk. Shared hosting environments where multiple users share the same server are also particularly vulnerable, as an attacker could potentially exploit this vulnerability to gain access to other users' data.
• linux / server: Monitor system logs (journalctl) for suspicious process executions, particularly those originating from the NewSoftOA web server user. Look for unusual command-line arguments; a shell spawned by the web application (typically "sh -c ...") is the usual sign. Note that journald only sees what the service itself writes to its log, so reliable process-level visibility needs an execve audit source such as auditd or an EDR agent. Assuming the service unit is named newsoftoa:
journalctl -u newsoftoa -f | grep -Ei '(/bin/)?(ba|da)?sh -c'
• windows / supply-chain: Monitor PowerShell execution logs for commands related to NewSoftOA. Check scheduled tasks for any suspicious entries.
Get-ScheduledTask | Where-Object {$_.TaskName -like '*newsoftoa*'} | Format-List TaskName, Actions
• generic web: Examine web server access logs for requests containing potentially malicious characters or patterns indicative of command injection attempts, i.e. shell metacharacters such as ';', '|', backticks and '$(' appearing either raw or URL-encoded (%3B, %7C, %60, %24%28).
grep -Ei '%3b|%7c|%60|%24%28|[;|`]|\$\(' /var/log/apache2/access.log
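As an added example (not code from the advisory or from NewSoft), the "generic web" check above carried through in Python: each access-log line is parsed, every query parameter and the path are URL-decoded twice to catch double encoding, and values carrying shell metacharacters are reported. The log lines, paths and parameter names are constructed for illustration and do not describe NewSoftOA's real endpoints.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined log format as written by Apache/nginx; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
# Shell metacharacters a document-management request has no reason to carry.
# A lone '&' is left out on purpose: it is the normal query-string separator.
META_RE = re.compile(r'[;|`\n]|\$\(|&&')

# Constructed sample lines (paths and parameter names are hypothetical, not NewSoftOA's).
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Apr/2026:10:12:01 +0000] "GET /app/doc.php?id=42&name=report.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [21/Apr/2026:10:12:05 +0000] "GET /app/doc.php?id=42&name=report.pdf%3Bid HTTP/1.1" 200 612 "-" "curl/8.0"',
    '203.0.113.9 - - [21/Apr/2026:10:12:09 +0000] "POST /app/export.php?fmt=%2524%2528whoami%2529 HTTP/1.1" 500 0 "-" "curl/8.0"',
    'garbage line that does not parse',
]

def decode(value):
    # Decode twice so double-encoded payloads (%2524 -> %24 -> $) are not missed.
    return unquote(unquote(value))

def suspicious_params(target):
    """Return [(param, decoded_value)] for query params or path carrying shell metacharacters."""
    parts = urlsplit(target)
    hits = []
    for pair in (parts.query.split("&") if parts.query else []):
        name, _, value = pair.partition("=")
        decoded = decode(value)
        if META_RE.search(decoded):
            hits.append((name, decoded))
    path = decode(parts.path)
    if META_RE.search(path):
        hits.append(("<path>", path))
    return hits

def scan(lines):
    """Parse each access-log line and report requests with suspicious parameters."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in combined format; skip rather than crash
        hits = suspicious_params(m.group("target"))
        if hits:
            findings.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "status": m.group("status"), "hits": hits})
    return findings
```

Run `scan()` over lines read from the real access log; POST bodies are not in the access log, so form parameters need a request-body log or WAF log as a second source.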
Exploit status
EPSS
8.66% (92nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-5965 is to immediately upgrade NewSoftOA to version 10.1.8.3 or later. If upgrading is not immediately feasible, consider restricting local access to the server to only authorized personnel. Implement strict file system permissions to limit the potential damage from command execution. While a direct WAF rule is unlikely to be effective against this type of vulnerability, monitoring for unusual process execution patterns on the server can provide early detection. After upgrading, confirm the vulnerability is resolved by attempting a command injection payload in a controlled environment and verifying that it is properly sanitized.
Update NewSoftOA to version 10.1.8.3 or later to mitigate the operating system command injection vulnerability. Check NewSoft's official documentation for detailed instructions on how to update the software. Implement additional security controls, such as input validation and privilege restriction, to reduce the risk of exploitation.
CVE-2026-5965 is a critical vulnerability in NewSoftOA allowing unauthenticated local attackers to execute OS commands. It affects versions 0.0.0–10.1.8.3, potentially leading to full system compromise.
If you are using NewSoftOA versions 0.0.0 through 10.1.8.3, you are potentially affected by this vulnerability. Immediate action is required.
Upgrade NewSoftOA to version 10.1.8.3 or later to remediate the vulnerability. If upgrading is not possible, restrict local access and implement strict file system permissions.
While no public exploits are currently known, the high CVSS score and ease of exploitation suggest a high probability of exploitation. Continuous monitoring is recommended.
Refer to the NewSoftOA official website or security advisory page for the latest information and updates regarding CVE-2026-5965.