CVE-2026-38945

CVSS 7.8 HIGHEPSS 0.8%CWE-77

Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted path that matches the improperly terminated search criteria of rvia's Java search using the find command.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 2

githubgithub.com/Wise-Security/CVE-2026-38945★ 0 cve_referencegithub.com/Wise-Security/CVE-2026-38945/blob/main/CVE-2026-38945.shunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/Wise-Security/CVE-2026-38945 https://github.com/Wise-Security/CVE-2026-38945/blob/main/CVE-2026-38945.sh https://support.raynet.de/https://support.raynet.de/hc/en-us/articles/46163206384788-RSEC200967-Java-Detection-Path-Traversal