External risk intelligence

NewSoftOA allows attackers to take control of your server

CVE advisorySeverity: CRITICAL (CVSS 9.3)

CVE-2026-5965

An internal attacker can exploit a flaw in NewSoftOA to run unauthorized commands on the server. This could grant them full control of the system, leading to unauthorized access to sensitive files and critical business data.

2Halo Surface Signal

OS Command Injection

External exposure likelihood

Halo Surface Signal score for CVE-2026-5965

The vulnerability affects an internal Office Automation system designed for use within trusted enterprise network environments. Exploitation is explicitly described in the context of an internal actor with existing network or local access, indicating the application is not typically exposed to the public internet.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Horizon Alert

Summary of the vulnerability and why it matters

NewSoftOA has a critical vulnerability that allows unauthenticated attackers to execute arbitrary commands on the server. This means attackers could potentially take full control of the affected system without needing any prior access or credentials.

  • Unauthenticated attackers can gain control.
  • Compromised systems could be used for further attacks.
  • This impacts sensitive business data and operations.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker could exploit this OS command injection flaw in NewSoftOA by submitting specially crafted input to the application. This input would be interpreted as commands to be executed on the server, allowing the attacker to run arbitrary code and gain control.

  • Unauthenticated, local access needed
  • Target vulnerable input fields
  • Execute commands on server

Live Threat

Current exploitation, exposure, and threat context

This OS Command Injection vulnerability in NewSoftOA is attractive to attackers due to its critical severity and the ability to execute arbitrary commands without authentication. While the vendor describes exploitation as local and unauthenticated, the network attack vector from the CVSS v4.0 score suggests potential for broader reach if the application is exposed externally, though the vendor's published details focus on internal use.

  • Unauthenticated execution capability.
  • Local access context, with network vector possible.
  • No known public exploits or KEV listing.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize blocking all network traffic to and from affected NewSoftOA servers immediately. Due to the critical nature of the OS Command Injection vulnerability, an unauthenticated local attacker can execute arbitrary commands, making containment the top priority until a patch is available.

  • Block all inbound/outbound traffic to affected systems.
  • Monitor for anomalous process execution or network connections.
  • Investigate vendor for patch availability.

Frequently asked questions

What is NewSoftOA and how is it used?

NewSoftOA is a software developed by NewSoft. It is used for office automation within an enterprise. This means it likely helps manage and streamline various business processes and administrative tasks.

What is the weakness class for CVE-2026-5965 in NewSoftOA?

The vulnerability CVE-2026-5965 in NewSoftOA is classified as OS Command Injection (CWE-78). This type of vulnerability occurs when an application incorrectly processes user-supplied input that is part of an OS command, allowing attackers to inject and execute their own commands.

How can an attacker exploit this vulnerability in NewSoftOA?

An unauthenticated local attacker can exploit this vulnerability by injecting arbitrary OS commands through specially crafted input. The advisory indicates that initial exploitation requires local access, and it is not triggered by simply accessing the application through the network if no special input is provided.

Who should care about this NewSoftOA vulnerability?

Organizations using NewSoftOA should care, especially if the application is accessible from the internet, as the CVSS v4.0 score indicates a network attack vector. Even if primarily used internally, the critical severity means internal actors could cause significant damage.

What is the first step to respond to this threat?

The immediate first step is to block all network traffic to and from affected NewSoftOA servers. This containment measure is critical due to the potential for unauthenticated attackers to execute arbitrary commands and take control of the system.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified