Description
The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code.
Published: 2026-06-30
Score: 8.4 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

DTMSoft is vulnerable to deserialization of untrusted data, which can allow an attacker to execute arbitrary code. The weakness is a classic CWE‑502 flaw in which the program accepts arbitrary serialized input and processes it without adequate validation or sandboxing. If an attacker supplies a crafted project file, the application may instantiate malicious objects, leading to execution of attacker‑chosen code within the context of the running process.

Affected Systems

The affected vendor is DeltaWW and the product is DTMSoft. No specific product versions are provided in the available data, so all current releases of DTMSoft could potentially be impacted unless a later version includes a fix.

Risk and Exploitability

The CVSS score of 8.4 indicates high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited current exploitation activity, but the flaw remains a serious risk. Based on the description, the likely attack vector is a tampered project file that the software loads; an attacker could supply a malicious file from a local source, via an email attachment, or through a network share. Running the application with standard user privileges limits the potential damage, which is why the workaround advises against using "Run as Administrator" when launching the software.

Generated by OpenCVE AI on June 30, 2026 at 09:20 UTC.

Remediation

Vendor Workaround

Users are recommended to take the following mitigation measures:

  • Do not open unsolicited project files: Do not open or import unsolicited project files, untrusted Internet links, or unexpected attachments from emails, network shares, or USB drives. Always verify the source of the file before opening it.
  • Avoid running as administrator: Do not use the "Run as Administrator" option when launching the software. Running the software with standard user privileges effectively limits the damage of potential malicious code.


OpenCVE Recommended Actions

  • Do not open or import unsolicited project files, untrusted Internet links, or unexpected attachments from emails, network shares, or USB drives. Verify the source of the file before opening it.
  • Avoid using the "Run as Administrator" option when launching the software; run DTMSoft with standard user privileges instead.
  • Monitor the vendor’s website or trusted security advisory channels for an official patch or update, and apply it as soon as it becomes available.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 08:30:00 +0000

Changes (Type: Values Added; no Values Removed):

Description: The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code.
Title: DTMSoft - Deserialization of Untrusted Data Vulnerability
First Time appeared: Deltaww; Deltaww dtmsoft
Weaknesses: CWE-502
CPEs: cpe:2.3:a:deltaww:dtmsoft:*:*:*:*:*:*:*:*
Vendors & Products: Deltaww; Deltaww dtmsoft
References:
Metrics: cvssV4_0 {'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Deltaww

Published:

Updated: 2026-06-30T07:20:59.492Z

Reserved: 2026-06-18T05:22:58.068Z

Link: CVE-2026-12578

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T09:30:03Z

Weaknesses
  • CWE-502: Deserialization of Untrusted Data