Weak Password Storage in R-SOFT DMS Exposes Superadmin Credentials
CVE-2026-41879

8.2HIGH

Key Information:

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-41879?

R-SOFT DMS has a significant security flaw where it stores superadmin credentials using a non-salted nested MD5 hash. This vulnerability enables malicious actors who manage to obtain the password hash to decode the superadmin credentials easily. Moreover, changing these passwords requires editing the configuration file directly, adding an additional layer of risk. Users are advised to update to version v3.17-2000 for protections against this vulnerability.

Affected Version(s)

DMS 0

References

CVSS V4

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marek Figielski (Vanilla.pl)
.