PatchSiren cyber security CVE debrief

CVE-2026-38945 Raynet CVE debrief

A command injection vulnerability in Raynet rvia version 12.6 Update 8 and earlier allows local attackers to execute arbitrary code. The flaw stems from improper input sanitization in rvia's Java search functionality, which uses the find command with improperly terminated search criteria. An attacker can exploit this by crafting a malicious path that injects commands into the find operation. The vulnerability requires local access and low privileges but enables high-impact outcomes including full confidentiality, integrity, and availability compromise.

Vendor: Raynet
Product: rvia
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Organizations running Raynet rvia version 12.6 Update 8 or earlier in production environments. System administrators responsible for Java-based search infrastructure. Security teams monitoring for command injection vulnerabilities in enterprise applications. Organizations with multi-user systems where rvia is accessible to non-administrative users.

Technical summary

The vulnerability exists in rvia's Java search implementation which utilizes the find command. The search criteria are improperly terminated, allowing an attacker to inject additional commands through a specially crafted file path. When rvia processes this path during its search operation, the injected commands execute with the privileges of the rvia process. This represents a classic command injection pattern (CWE-77) where unsanitized input is passed to a shell command. The local attack vector and requirement for low privileges suggests this could be chained with other vulnerabilities or used for privilege escalation on multi-user systems where rvia is deployed.

Defensive priority

HIGH

Recommended defensive actions

Review and update rvia installations to a patched version when available from Raynet
Audit systems for rvia version 12.6 Update 8 or earlier installations
Restrict local access to rvia installations to authorized administrators only
Monitor for suspicious find command executions or unexpected Java process behavior
Contact Raynet support for patch availability and remediation guidance
Review application logs for evidence of path manipulation attempts

Evidence notes

The CVE description identifies Raynet rvia version 12.6 Update 8 and previous versions as affected. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) confirms local attack vector with low attack complexity and low privileges required. CWE-77 (Command Injection) is cited as the weakness type. The vulnerability involves rvia's Java search using the find command with improperly terminated search criteria, allowing crafted path injection.

Official resources

CVE-2026-38945 CVE record
CVE.org
CVE-2026-38945 NVD detail
NVD
Source item URL
nvd_modified
Source reference
[email protected]
Source reference
[email protected]
Source reference
134c704f-9b21-4f2e-91b3-4a467353bcc0

2026-05-27