RCE in R-soft Serwis Dms
CVE-2026-41876
R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction() function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authenticated attacker to execute arbitrary s…
Vulnerability class: Command Injection (OS Command Injection)
Affected products
- R-soft Serwis Dms — versions 0
Weakness classification (CWE)
References
- cvd@cert.pl (third-party-advisory)