CVE 9.3 CRITICAL

NewSoft｜NewSoftOA – OS Command Injection_CVE-2026-5965

April 20, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.

AI Analysis

OS Command Injection vulnerability in NewSoftOA, allowing unauthenticated local attackers to inject arbitrary OS commands

Basic Information

ID CVE-2026-5965

Source twcert

Published Apr 21, 2026 at 03:32

Affected Product

Vendor NewSoft

Product NewSoftOA

Affected Versions NewSoft NewSoftOA 0

CWE Classification

CWE-78

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor NewSoft

Product NewSoftOA

References

{
    "lastseen": "",
    "description": "NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.",
    "published": "2026-04-21T03:32:55.138Z",
    "modified": "2026-04-21T03:32:55.138Z",
    "type": "cve",
    "title": "NewSoft\uff5cNewSoftOA - OS Command Injection",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10856-4979f-1.html\nhttps://www.twcert.org.tw/en/cp-139-10857-c46f7-2.html",
    "id": "CVE-2026-5965",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "NewSoft NewSoftOA 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "NewSoftOA",
    "version": "0",
    "vendor": "NewSoft",
    "ai_description": "OS Command Injection vulnerability in NewSoftOA, allowing unauthenticated local attackers to inject arbitrary OS commands",
    "ai_severity": "Critical",
    "ai_vendor": "NewSoft",
    "ai_product": "NewSoftOA",
    "ai_version": "0",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply