CVE-2026-38945

Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted path that matches the improperly terminated search criteria of rvia's Java search using the find command.

high 7.8 CVSS 3.1

Published: May 27, 2026

Modified: Jun 1, 2026

Description

References

https://github.com/Wise-Security/CVE-2026-38945
https://support.raynet.de/
https://support.raynet.de/hc/en-us/articles/46163206384788-RSEC200967-Java-Detection-Path-Traversal
https://github.com/Wise-Security/CVE-2026-38945/blob/main/CVE-2026-38945.sh

Version	3.1
Score	7.8 / 10
Severity	high