CVE-2026-41879
Weak password hashing in R-SOFT DMS
Vexday Risk Score
18Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.2EPSS —KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
10 jul 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file.
This issue was fixed in version v3.17-2000.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
R-SOFT SERWIS · DMSReferências
https://cert.pl/posts/2026/07/CVE-2026-41876