NewSoft|NewSoftOA - OS Command Injection
翻译中…平台
php
组件
newsoft-oa
修复版本
10.1.8.3
CVE-2026-5965 describes a critical Command Injection vulnerability discovered in NewSoftOA, a document management system. This flaw allows unauthenticated local attackers to execute arbitrary operating system commands on the server, potentially leading to complete system takeover. The vulnerability affects versions from 0.0.0 through 10.1.8.3, and a patch is available in version 10.1.8.3.
影响与攻击场景翻译中…
The impact of this Command Injection vulnerability is severe. An attacker with local access to the NewSoftOA server can leverage this flaw to execute arbitrary commands with the privileges of the web server user. This could allow them to read sensitive data, modify system files, install malware, or even gain persistent access to the system. The ability to execute arbitrary commands effectively grants the attacker complete control over the affected server. Given the document management nature of NewSoftOA, data at risk includes sensitive documents, user credentials, and potentially financial information. Lateral movement within the network is also possible if the server has access to other systems.
利用背景翻译中…
CVE-2026-5965 was publicly disclosed on 2026-04-21. The vulnerability's ease of exploitation, combined with the critical CVSS score of 9.8, suggests a high probability of exploitation. No public proof-of-concept (PoC) code has been released as of this writing, but the nature of Command Injection vulnerabilities makes it likely that one will emerge. It is not currently listed on the CISA KEV catalog.
哪些人处于风险中翻译中…
Organizations using NewSoftOA for document management, particularly those with limited security controls or legacy configurations, are at significant risk. Shared hosting environments where multiple users share the same server are also particularly vulnerable, as an attacker could potentially exploit this vulnerability to gain access to other users' data.
检测步骤翻译中…
• linux / server: Monitor system logs (journalctl) for suspicious process executions, particularly those originating from the NewSoftOA web server user. Look for unusual command-line arguments.
journalctl -u newsoftoa -f | grep -i 'command injection'• windows / supply-chain: Monitor PowerShell execution logs for commands related to NewSoftOA. Check scheduled tasks for any suspicious entries.
Get-ScheduledTask | Where-Object {$_.TaskName -like '*newsoftoa*'} | Format-List TaskName, Actions• generic web: Examine web server access logs for requests containing potentially malicious characters or patterns indicative of command injection attempts.
grep -i 'command injection' /var/log/apache2/access.log攻击时间线
- Disclosure
disclosure
威胁情报
漏洞利用状态
EPSS
8.66% (92% 百分位)
CISA SSVC
CVSS 向量
这些指标意味着什么?
- Attack Vector
- 网络 — 可通过互联网远程利用,无需物理或本地访问。攻击面最大。
- Attack Complexity
- 低 — 无需特殊条件,可以稳定地利用漏洞。
- Privileges Required
- 无 — 无需认证,无需凭证即可利用。
- User Interaction
- 无 — 攻击自动且无声,受害者无需任何操作。
- Scope
- 未改变 — 影响仅限于脆弱组件本身。
- Confidentiality
- 高 — 完全丧失机密性,攻击者可读取所有数据。
- Integrity
- 高 — 攻击者可写入、修改或删除任何数据。
- Availability
- 高 — 完全崩溃或资源耗尽,完全拒绝服务。
受影响的软件
弱点分类 (CWE)
时间线
- 已保留
- 发布日期
- EPSS 更新日期
缓解措施和替代方案翻译中…
The primary mitigation for CVE-2026-5965 is to immediately upgrade NewSoftOA to version 10.1.8.3 or later. If upgrading is not immediately feasible, consider restricting local access to the server to only authorized personnel. Implement strict file system permissions to limit the potential damage from command execution. While a direct WAF rule is unlikely to be effective against this type of vulnerability, monitoring for unusual process execution patterns on the server can provide early detection. After upgrading, confirm the vulnerability is resolved by attempting a command injection payload in a controlled environment and verifying that it is properly sanitized.
修复方法翻译中…
Actualice NewSoftOA a la versión 10.1.8.3 o posterior para mitigar la vulnerabilidad de inyección de comandos del sistema operativo. Verifique la documentación oficial de NewSoft para obtener instrucciones detalladas sobre cómo actualizar el software. Implemente controles de seguridad adicionales, como la validación de entradas y la restricción de privilegios, para reducir el riesgo de explotación.
CVE 安全通讯
漏洞分析和关键警报直接发送到您的邮箱。
常见问题翻译中…
What is CVE-2026-5965 — Command Injection in NewSoftOA?
CVE-2026-5965 is a critical vulnerability in NewSoftOA allowing unauthenticated local attackers to execute OS commands. It affects versions 0.0.0–10.1.8.3, potentially leading to full system compromise.
Am I affected by CVE-2026-5965 in NewSoftOA?
If you are using NewSoftOA versions 0.0.0 through 10.1.8.3, you are potentially affected by this vulnerability. Immediate action is required.
How do I fix CVE-2026-5965 in NewSoftOA?
Upgrade NewSoftOA to version 10.1.8.3 or later to remediate the vulnerability. If upgrading is not possible, restrict local access and implement strict file system permissions.
Is CVE-2026-5965 being actively exploited?
While no public exploits are currently known, the high CVSS score and ease of exploitation suggest a high probability of exploitation. Continuous monitoring is recommended.
Where can I find the official NewSoftOA advisory for CVE-2026-5965?
Refer to the NewSoftOA official website or security advisory page for the latest information and updates regarding CVE-2026-5965.