RCE in R-soft Serwis Dms

CVE-2026-41880

R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR) module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shel…

Vulnerability class: Command Injection (OS Command Injection)

Affected products

Weakness classification (CWE)

References