TWCERT/CC published advisories for two high-severity enterprise software vulnerabilities that could let attackers compromise backend systems and data. CVE-2026-5965 affects NewSoftOA from NewSoft and is an OS command injection flaw (CWE-78) that allows unauthenticated remote attackers to execute arbitrary operating system commands on the server. The issue carries the CVSS v3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network-reachable, low-complexity exploitation that needs no privileges or user interaction and has high impact on confidentiality, integrity, and availability.
A second advisory, CVE-2026-7489, affects Sunnet CTMS and describes a SQL injection vulnerability (CWE-89) that allows authenticated remote attackers to run arbitrary SQL commands against the application database. Successful exploitation could allow reading, modifying, and deleting database contents; the CVSS v3.1 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Both vulnerabilities were published with English and Chinese references by TWCERT/CC, underscoring the continued exposure of internet-reachable business applications to injection attacks that can lead to full server compromise or severe database manipulation.

TWCERT/CC received CVE-2026-7489 on May 2, 2026 for a SQL injection vulnerability in Sunnet CTMS. The issue allows authenticated remote attackers to inject arbitrary SQL commands and potentially read, modify, or delete database contents; it was classified as CWE-89 with high-severity CVSS ratings.
TWCERT/CC received CVE-2026-5965 on April 21, 2026 for an OS command injection vulnerability in NewSoftOA by NewSoft. The flaw allows unauthenticated attackers to execute arbitrary operating system commands on the server and was classified as CWE-78 with high-severity CVSS ratings.