PatchSiren cyber security CVE debrief
CVE-2026-41879 R-SOFT SERWIS CVE debrief
R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtains the password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file. The issue was fixed in version v3.17-2000. This vulnerability has significant implications for the security of R-SOFT DMS systems, particularly those with superadmin credentials. Administrators and users should be aware of this vulnerability and take necessary actions to secure their systems.
- Vendor
- R-SOFT SERWIS
- Product
- DMS
- CVSS
- HIGH 8.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-10
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-10
- Advisory updated
- 2026-07-10
Who should care
Administrators and users of R-SOFT DMS, especially those with superadmin credentials, should be aware of this vulnerability and take necessary actions to secure their systems. This includes updating to version v3.17-2000 or later, modifying the configuration file to change the superadmin password, and implementing additional security measures to protect against potential attacks.
Technical summary
The vulnerability is caused by the use of a non-salted nested MD5 hash to store superadmin credentials in R-SOFT DMS. This allows an attacker to decode the credentials if they obtain the password hash. The password cannot be changed except by modifying the configuration file, which adds to the severity of the issue. The vulnerability has a CVSS score of 8.2 and is classified as HIGH severity. The issue was fixed in version v3.17-2000.
Defensive priority
High priority should be given to securing R-SOFT DMS systems, especially those with superadmin credentials, to prevent potential attacks.
Recommended defensive actions
- Update R-SOFT DMS to version v3.17-2000 or later
- Modify the configuration file to change the superadmin password
- Implement additional security measures to protect against potential attacks
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-10T10:16:24.077Z and has not been modified since then. The NVD entry is currently Received. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The issue is caused by the use of a non-salted nested MD5 hash to store superadmin credentials in R-SOFT DMS.
Official resources
-
CVE-2026-41879 CVE record
CVE.org
-
CVE-2026-41879 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T10:16:24.077Z and has not been modified since then. The NVD entry is currently Received.