PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-41879 R-SOFT SERWIS CVE debrief

R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtains the password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file. The issue was fixed in version v3.17-2000. This vulnerability has significant implications for the security of R-SOFT DMS systems, particularly those with superadmin credentials. Administrators and users should be aware of this vulnerability and take necessary actions to secure their systems.

Vendor
R-SOFT SERWIS
Product
DMS
CVSS
HIGH 8.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Administrators and users of R-SOFT DMS, especially those with superadmin credentials, should be aware of this vulnerability and take necessary actions to secure their systems. This includes updating to version v3.17-2000 or later, modifying the configuration file to change the superadmin password, and implementing additional security measures to protect against potential attacks.

Technical summary

The vulnerability is caused by the use of a non-salted nested MD5 hash to store superadmin credentials in R-SOFT DMS. This allows an attacker to decode the credentials if they obtain the password hash. The password cannot be changed except by modifying the configuration file, which adds to the severity of the issue. The vulnerability has a CVSS score of 8.2 and is classified as HIGH severity. The issue was fixed in version v3.17-2000.

Defensive priority

High priority should be given to securing R-SOFT DMS systems, especially those with superadmin credentials, to prevent potential attacks.

Recommended defensive actions

  • Update R-SOFT DMS to version v3.17-2000 or later
  • Modify the configuration file to change the superadmin password
  • Implement additional security measures to protect against potential attacks
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-10T10:16:24.077Z and has not been modified since then. The NVD entry is currently Received. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The issue is caused by the use of a non-salted nested MD5 hash to store superadmin credentials in R-SOFT DMS.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T10:16:24.077Z and has not been modified since then. The NVD entry is currently Received.