OS Command Injection Vulnerability in R-SOFT DMS OCR Module
CVE-2026-41880
9CRITICAL
What is CVE-2026-41880?
The Optical Character Recognition (OCR) module in R-SOFT DMS is susceptible to OS Command Injection. This vulnerability arises from multiple command execution functions that improperly handle user-controllable file paths, allowing an authenticated attacker to execute arbitrary system commands via SSH. Although the standard web upload process with URL encoding typically mitigates this issue, successful exploitation through the OCR functionality could grant elevated privileges to the attacker, leading to significant security risks. This vulnerability has been addressed in versions v3.19-2862 and v3.17-2580.
Affected Version(s)
DMS 0
DMS 0
