Insecure Direct Object Reference Vulnerability in R-SOFT DMS
CVE-2026-41878
7.1HIGH
What is CVE-2026-41878?
The R-SOFT DMS application is exposed to an Insecure Direct Object Reference (IDOR) vulnerability, allowing any authenticated user to access files meant for other users. This occurs due to the system's reliance on session authentication without adequate permissions checks, permitting unauthorized access to sensitive files stored in the database. To mitigate this risk, users are encouraged to upgrade to versions v3.19-2862 or v3.17-2580 or later.
Affected Version(s)
DMS 0
DMS 0
