CVE-2026-8217 is a remote operating-system command injection issue reported in Industrial Application Software IAS Canias ERP 8.03. According to the source description, manipulating the RMI Interface argument troiaCode can reach Runtime.getRuntime.exec, allowing command injection. The source also states that a public exploit has been released and that the vendor was contacted early but did not respond.
MEDIUMIndustrial Application SoftwareCVE published 2026-05-10
CVE-2026-8216 is a remotely reachable authentication weakness in IAS Canias ERP 8.03. The issue is reported in iasServerRemoteInterface.doAction within Java RMI Session Management and can allow improper authentication if the service is manipulated. Because the affected component sits in an ERP environment, exposed deployments should treat this as an access-control risk for business-critical systems.
MEDIUMIndustrial Application SoftwareCVE published 2026-05-10
CVE-2026-8215 describes a remotely reachable path traversal in IAS Canias ERP 8.03. The issue affects iasRequestFileEvent in the RMI Interface, where manipulation of m_strSourceFileName can lead to path traversal (CWE-22). The source corpus also states that a public exploit disclosure exists and that the vendor was contacted early but did not respond.
MEDIUMIndustrial Application SoftwareCVE published 2026-05-10
CVE-2026-8214 describes a remote improper-authentication issue in IAS Canias ERP 8.03 affecting doAction in the RMI Interface. The source material says manipulating sessionId can bypass authentication, and that a public exploit exists. Although the CVSS score is medium, exposed deployments should treat this as urgent because authentication weaknesses on remotely reachable interfaces can enable unauthorized access.
