{"vulnerability": "cve-2026-41880", "sightings": [{"uuid": "ffbe42a9-48cd-4ed0-89cd-37113e7cbae3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41880", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqbz2mejxm2h", "content": "CVE-2026-41880 - dms\nAn attacker can upload a malicious file to R-SOFT DMS and execute system commands as the root user. This can allow unauthorized access to the system and potentially lead to data theft or system\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#dms #CVE #infosec", "creation_timestamp": "2026-07-10T11:08:04.261107Z"}, {"uuid": "bfe80ffc-9f84-48cf-97a3-f408f749b9e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41880", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116895569307199764", "content": "CVE-2026-41880 | CRITICAL OS Command Injection in R-SOFT SERWIS DMS OCR module. Authenticated users can execute root commands via crafted uploads. Patched in v3.19-2862/3.17-2580. Upgrade now: https://radar.offseq.com/threat/cve-2026-41880-cwe-78-improper-neutralization-of-s-9acc4d130ed96ca2 #OffSeq #infosec #vulnerability #CVE202641880", "creation_timestamp": "2026-07-10T12:00:35.221298Z"}, {"uuid": "e43f28d0-62db-442b-8326-3153ddb8878c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41880", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqc3ykh4gg24", "content": "CVE-2026-41880: CRITICAL OS Command Injection in R-SOFT SERWIS DMS OCR module. Authenticated attackers can gain root via crafted uploads. Patch to v3.19-2862/3.17-2580 now. https://radar.offseq.com/threat/cve-2026-41880-cwe-78-improper-neutralization-of-s-9acc4d130ed96ca2 #OffSeq #infosec #CVE202...", "creation_timestamp": "2026-07-10T12:00:37.059319Z"}, {"uuid": "d5716a4c-ca24-4ec4-906f-c8a5728ff69d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41880", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqc6lxopmc2x", "content": "CVE-2026-41880 - OS Command Injection in R-SOFT DMS\nCVE ID : CVE-2026-41880\n \n Published : July 10, 2026, 10:16 a.m. | 1\u00a0hour, 32\u00a0minutes ago\n \n Description : R-SOFT DMS is vulnerable to\u00a0OS Command Injection in the Optical Character Recognition (OCR) module. Multiple command e...", "creation_timestamp": "2026-07-10T12:47:15.405587Z"}, {"uuid": "11bfc150-8bdc-4577-8f92-d99fdf7b9a0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41880", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcdu6sfwq2e", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-41880 \u0432 R-SOFT DMS: \u0443\u0433\u0440\u043e\u0437\u0430 OS Command Injection \u0432 \u043c\u043e\u0434\u0443\u043b\u0435 \u0440\u0430\u0441\u043f\u043e\u0437\u043d\u0430\u0432\u0430\u043d\u0438\u044f \u0442\u0435\u043a\u0441\u0442\u0430\n\n\n\nhttps://kripta.biz/posts/F61B40B1-6651-4D57-A411-F4C7B52835FC", "creation_timestamp": "2026-07-10T14:21:19.835572Z"}, {"uuid": "998dfd67-e6de-481f-93a9-97505012979c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41880", "type": "seen", "source": "https://cert.pl/en/posts/2026/07/CVE-2026-41876", "content": "", "creation_timestamp": "2026-07-10T16:15:05.662442Z"}, {"uuid": "92241f74-9bb1-4c15-a1f3-dfe9156270a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41880", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqd3brx24f2e", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-41880 \u0432 R-SOFT DMS: \u0443\u0433\u0440\u043e\u0437\u0430 OS Command Injection \u0432 \u043c\u043e\u0434\u0443\u043b\u0435 OCR\n\n\n\nhttps://kripta.biz/posts/3DFBCB9E-3018-43AB-B580-7A3CACDD274F", "creation_timestamp": "2026-07-10T21:20:32.547148Z"}]}