RCE in R-soft Serwis Dms
CVE-2026-41880
R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR) module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shel…
Vulnerability class: Command Injection (OS Command Injection)
Affected products
- R-soft Serwis Dms — versions 0
Weakness classification (CWE)
References
- cvd@cert.pl (third-party-advisory)