TWCERT discloses unauthenticated flaws in Openfind MailGates and Digiwin EasyFlow .NET
TWCERT published two high-severity vulnerability entries affecting enterprise software from Taiwanese vendors. Openfind MailGates/MailAudit is affected by CVE-2026-6351, a CWE-93 CRLF injection flaw that can be exploited by an unauthenticated remote attacker to read system files, creating a significant confidentiality risk. The issue was documented with CVSS v3.1 and v4.0 scoring and linked to TWCERT advisory references.
TWCERT also disclosed CVE-2026-5964 in Digiwin EasyFlow .NET, a CWE-89 SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL commands. Successful exploitation could let attackers read, modify, or delete database contents, affecting confidentiality, integrity, and availability. Both disclosures highlight externally reachable attack paths requiring no authentication and raise immediate patching and exposure-review concerns for organizations using the affected products.
Timeline
Apr 20, 2026
TWCERT receives CVE-2026-5963 report for Digiwin EasyFlow .NET
TWCERT received a report for CVE-2026-5963 affecting Digiwin EasyFlow .NET, describing a SQL injection flaw that could let unauthenticated remote attackers execute arbitrary SQL commands. The vulnerability could allow reading, modifying, or deleting database contents, and advisory references were added on the TWCERT/CC website.
Apr 20, 2026
TWCERT receives CVE-2026-5964 report for Digiwin EasyFlow .NET
A vulnerability report for Digiwin EasyFlow .NET was received by twcert@cert.org.tw describing a SQL injection flaw that could allow unauthenticated remote attackers to execute arbitrary SQL commands. The issue could enable reading, modifying, and deleting database contents, with CWE-89 and high-impact CVSS vectors recorded.
Apr 16, 2026
TWCERT receives CVE-2026-6351 report for Openfind MailGates/MailAudit
A vulnerability report for Openfind MailGates/MailAudit was received by twcert@cert.org.tw describing a CRLF injection flaw that could let unauthenticated remote attackers read system files. The entry classifies the issue as CWE-93 and records high confidentiality impact in CVSS scoring.
Related Stories

TWCERT/CC Discloses Critical Injection Flaws in NewSoftOA and Sunnet CTMS
TWCERT/CC published advisories for two high-severity enterprise software vulnerabilities that could let attackers compromise backend systems and data. **CVE-2026-5965** affects **NewSoftOA** from NewSoft and is an **OS command injection** flaw (`CWE-78`) that allows **unauthenticated remote attackers** to execute arbitrary operating system commands on the server. The issue carries a `CVSS v3.1` score with vector `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`, indicating low-complexity network exploitation with high impact across confidentiality, integrity, and availability. A second advisory, **CVE-2026-7489**, affects **Sunnet CTMS** and describes a **SQL injection** vulnerability (`CWE-89`) that allows **authenticated remote attackers** to run arbitrary SQL commands against the application database. Successful exploitation could enable reading, modifying, and deleting database contents, with a `CVSS v3.1` vector of `AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`. Both vulnerabilities were published with English and Chinese references by TWCERT/CC, underscoring continued exposure in internet-reachable business applications to injection attacks that can lead to full server compromise or severe database manipulation.
Today
Critical Unauthenticated RCE Flaws Disclosed in Openfind MailGates and Sagredo qmail
Critical remote code execution vulnerabilities were disclosed in Openfind **MailGates/MailAudit** and **Sagredo qmail** that could let attackers compromise exposed mail infrastructure. **CVE-2026-6350** affects Openfind MailGates/MailAudit and is a stack-based buffer overflow (`CWE-121`) that allows an unauthenticated remote attacker to control execution flow and run arbitrary code. The flaw carries a **CVSS v3.1** score reflecting network exploitation with no privileges or user interaction and high impact across confidentiality, integrity, and availability, and was referenced in advisories published by **TWCERT/CC**. A second flaw, **CVE-2026-41113**, affects **Sagredo qmail** versions before `2026.04.07` and enables remote code execution through `tls_quit` because `qmail-remote.c` uses `popen` in the `notlshosts_auto` component, a command injection issue tracked as `CWE-78`. The vulnerability was documented with references to public research, a GitHub publications repository, the fixing commit, pull request `#42`, and the patched `v2026.04.07` release, giving defenders a clear remediation path while underscoring the risk to internet-facing email systems.
2 weeks ago
Critical Root Access and Arbitrary File Write Flaws Disclosed in Network-Exposed Systems
Two high-severity vulnerabilities were disclosed affecting exposed application and device management surfaces, including a flaw that can give attackers **root access** and another that enables **arbitrary file write** through path traversal. **CVE-2026-3587** describes an unauthenticated remote attack path in a hidden CLI function that lets an attacker escape a restricted prompt and gain root access to the underlying Linux operating system, potentially leading to full device compromise. The issue was mapped to `CWE-912` and assigned the `CVSS v3.1` vector `AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H`, with CERT VDE publishing advisory `VDE-2026-020`. A separate vulnerability, **CVE-2026-5027**, affects Langflow's `POST /api/v2/files` endpoint, where improper sanitization of the multipart `filename` parameter allows path traversal using `../` sequences. An authenticated attacker can exploit the bug to write files to arbitrary filesystem locations, creating a route to compromise confidentiality, integrity, and availability. The flaw was classified as `CWE-22`, carries the `CVSS v3.1` vector `AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`, and is referenced in Tenable advisory `TRA-2026-26`.
1 month ago
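The Langflow entry above (CVE-2026-5027) describes the general shape of a multipart-upload path traversal: a client-supplied `filename` is joined onto a storage directory without being constrained to a bare name, so `../` segments or an absolute path resolve outside the directory. The following added example is not Langflow's code and was not taken from any advisory; it shows the unsafe join beside a hardened version that a defender can use as a reference check. The upload directory `/srv/app/uploads`, the function names and the sample filenames are all constructed for the example.

```python
"""Added example: validating a multipart upload filename before it is joined
to a storage directory, shown beside the vulnerable pattern. Hypothetical code,
not Langflow's implementation."""
import posixpath
import re
from typing import Tuple

# Hypothetical upload directory; any absolute POSIX path would do.
UPLOAD_ROOT = "/srv/app/uploads"

# Allow-list for a bare file name: must start with a letter or digit (so "."
# and ".." can never pass), then a bounded run of safe characters.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def vulnerable_target_path(filename: str, root: str = UPLOAD_ROOT) -> str:
    """The unsafe pattern: the client-controlled filename goes straight into the path.

    posixpath.join discards `root` entirely when `filename` is absolute, and
    normpath resolves '..' segments, so the result can land outside `root`.
    """
    return posixpath.normpath(posixpath.join(root, filename))


def hardened_target_path(filename: str, root: str = UPLOAD_ROOT) -> str:
    """Return a storage path strictly inside `root`, or raise ValueError.

    The checks are layered on purpose: the allow-list rejects the obvious
    cases, and the final dirname comparison catches anything that still
    resolves outside the directory.
    """
    if not filename or "\x00" in filename:
        raise ValueError("empty filename or embedded NUL byte")
    if "/" in filename or "\\" in filename:
        raise ValueError("path separator in filename")
    if not SAFE_NAME.fullmatch(filename):
        raise ValueError("filename outside the allow-list")
    candidate = posixpath.normpath(posixpath.join(root, filename))
    # The parent of the resolved path must be exactly the upload directory.
    if posixpath.dirname(candidate) != posixpath.normpath(root):
        raise ValueError("resolved path escapes the upload directory")
    return candidate


def classify(filename: str, root: str = UPLOAD_ROOT) -> Tuple[str, str]:
    """Wrap the hardened check so a request handler gets a verdict plus detail."""
    try:
        return ("accepted", hardened_target_path(filename, root))
    except ValueError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    # Constructed sample filenames of the kind a multipart request could carry.
    samples = ["report.pdf", "../../etc/cron.d/job", "/etc/passwd",
               "sub/notes.txt", "..", "a\x00.txt", ".bashrc"]
    for name in samples:
        print(f"{name!r:28} vulnerable -> {vulnerable_target_path(name)!r:32} "
              f"hardened -> {classify(name)}")
```

The vulnerable function is kept only to make the contrast visible: with the traversal sample it resolves to a path under `/srv/etc`, and with an absolute sample it drops the upload root altogether. The hardened function rejects separators outright rather than stripping them, because a basename-only approach silently accepts input that should be treated as a signal worth logging.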