216.73.217.64

CVE-2026-41878

· Published 10/07/2026 12:16 · Author: The MITRE Corporation

Labels: CVE-2026-41878

Essential information

Published
10/07/2026 12:16
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
7.1 HIGH (v4.0)
CISA KEV
No
CWE
CWE-639
CVSS vector

CVSS metrics

Description

R-SOFT DMS is vulnerable to Insecure Direct Object Reference (IDOR) attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file. This issue was fixed in version v3.19-2862 and v3.17-2580.

NVD status

NVD
View on NVD