CVE-2026-12578
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| deltaww | DTMSoft | * | affected |
Weaknesses
- CWE-502: CWE-502 Deserialization of untrusted data
Workarounds
Users are recommended to take the following mitigation measures:
Do not open unsolicited project files: Do not open or import unsolicited project files, untrusted Internet links, or unexpected attachments from emails, network shares, or USB drives. Always verify the source of the file before opening it.
Avoid running as administrator: Do not use the "Run as Administrator" option when launching the software. Running the software with standard user privileges effectively limits the damage of potential malicious code.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.