top of page
perceptive_background_267k.jpg

Command injection in Raynet rvia version 12.6.4392.49-amd64.deb allows adversaries to execute arbitrary Java code via a crafted path that matches the improperly…

Published:

26 mei 2026 om 22:00:00

Alert date:

27 mei 2026 om 19:08:13

Source:

nvd.nist.gov

Click to open the original link from this advisory

Enterprise Applications

A command injection vulnerability in Raynet rvia version 12.6.4392.49-amd64.deb allows attackers to execute arbitrary Java code. The vulnerability exists due to improperly terminated search criteria in rvia's Java search functionality using the find command. Adversaries can exploit this by crafting malicious file paths that match the vulnerable search criteria. This enables remote code execution through command injection attacks. The vulnerability has been assigned CVE-2026-38945 and proof-of-concept code is publicly available.

Technical details

Mitigation steps:

Affected products:

Raynet rvia

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-38945
https://github.com/Wise-Security/CVE-2026-38945
https://support.raynet.de/
https://github.com/Wise-Security/CVE-2026-38945/blob/main/CVE-2026-38945.sh

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page