top of page
perceptive_background_267k.jpg

Command injection in Raynet rvia version 12.6.4392.49-amd64.deb allows adversaries to execute arbitrary Java code via a crafted path that matches the improperly…

Published:

26 May 2026 at 22:00:00

Alert date:

27 May 2026 at 19:08:13

Source:

nvd.nist.gov

Click to open the original link from this advisory

Enterprise Applications

A command injection vulnerability in Raynet rvia version 12.6.4392.49-amd64.deb allows attackers to execute arbitrary Java code. The vulnerability exists due to improperly terminated search criteria in rvia's Java search functionality using the find command. Adversaries can exploit this by crafting malicious file paths that match the vulnerable search criteria. This enables remote code execution through command injection attacks. The vulnerability has been assigned CVE-2026-38945 and proof-of-concept code is publicly available.

Technical details

Mitigation steps:

Affected products:

Raynet rvia

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-38945
https://github.com/Wise-Security/CVE-2026-38945
https://support.raynet.de/
https://github.com/Wise-Security/CVE-2026-38945/blob/main/CVE-2026-38945.sh

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page