CRITICAL
NewSoft
CVE published 2026-04-21
CVE-2026-5965
CVE-2026-5965 documents a critical OS command injection vulnerability in NewSoftOA, a product developed by NewSoft. The vulnerability allows unauthenticated local attackers to inject and execute arbitrary operating system commands on affected servers. The issue was published on April 21, 2026, with the record last modified on May 19, 2026. The vulnerability is classified under CWE-78 (Improper Neutralizat [truncated]