【Vulnerability Alert】NewSoft - NewSoftOA - OS Command Injection

• Subject: 【Vulnerability Alert】NewSoft - NewSoftOA - OS Command Injection

• Description:
  • Forwarded from Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert: TWCERTCC-200-202604-00000025
  • 【NewSoft - NewSoftOA - OS Command Injection】(CVE-2026-5965, CVSS: 9.8). NewSoftOA developed by NewSoft contains an OS Command Injection vulnerability. An unauthenticated local attacker can inject arbitrary operating system commands and execute them on the server.
• Affected Platforms:
  • NewSoftOA versions prior to 10.1.8.3 (exclusive)
• Recommended Actions:
  • Update to version 10.1.8.3 (inclusive) or later.
• Reference Materials:
  1. https://www.twcert.org.tw/tw/cp-132-10856-4979f-1.html

Computer and Communication Center
Network Systems Division