CVE-2026-12578 - Vulnerability Details - OpenCVE

The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Deltaww	Dtmsoft

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products

References

Link	Providers
https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00010_DTMSoft%20Project%20File%20Parsing%20Deserialization%20of%20Untrusted%20Data%20Remote%20Code%20(CVE-2026-12578)_v1.0.pdf

History

Tue, 30 Jun 2026 08:30:00 +0000

Type	Values Removed	Values Added
Description		The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code.
Title		DTMSoft - Deserialization of Untrusted Data Vulnerability
First Time appeared		Deltaww Deltaww dtmsoft
Weaknesses		CWE-502
CPEs		cpe:2.3:a:deltaww:dtmsoft::::::::
Vendors & Products		Deltaww Deltaww dtmsoft
References		https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00010_DTMSoft%20Project%20File%20Parsing%20Deserialization%20of%20Untrusted%20Data%20Remote%20Code%20(CVE-2026-12578)_v1.0.pdf
Metrics		cvssV4_0 `{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Deltaww

Published: 2026-06-30T07:20:59.492Z

Updated: 2026-06-30T07:20:59.492Z

Reserved: 2026-06-18T05:22:58.068Z

Link: CVE-2026-12578

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T09:30:03Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-12578", "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "state": "PUBLISHED", "assignerShortName": "Deltaww", "dateReserved": "2026-06-18T05:22:58.068Z", "datePublished": "2026-06-30T07:20:59.492Z", "dateUpdated": "2026-06-30T07:20:59.492Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "shortName": "Deltaww", "dateUpdated": "2026-06-30T07:20:59.492Z"}, "title": "DTMSoft - Deserialization of Untrusted Data Vulnerability", "datePublic": "2026-06-25T01:36:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-502", "description": "CWE-502 Deserialization of untrusted data", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "CAPEC-586 Object Injection"}]}], "affected": [{"vendor": "deltaww", "product": "DTMSoft", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:deltaww:dtmsoft:*:*:*:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en", "value": "The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code."}]}], "references": [{"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00010_DTMSoft%20Project%20File%20Parsing%20Deserialization%20of%20Untrusted%20Data%20Remote%20Code%20(CVE-2026-12578)_v1.0.pdf"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "workarounds": [{"lang": "en", "value": "Users are recommended to take the following mitigation measures:\n\n * Do not open unsolicited project files: Do not open or import unsolicited project files, untrusted Internet links, or unexpected attachments from emails, network shares, or USB drives. Always verify the source of the file before opening it.\n\n * Avoid running as administrator: Do not use the \"Run as Administrator\" option when launching the software. Running the software with standard user privileges effectively limits the damage of potential malicious code.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Users are recommended to take the following mitigation measures:\n<br><ul><li>Do not open unsolicited project files: Do not open or import unsolicited project files, untrusted Internet links, or unexpected attachments from emails, network shares, or USB drives. Always verify the source of the file before opening it.\n</li><li>Avoid running as administrator: Do not use the \"Run as Administrator\" option when launching the software. Running the software with standard user privileges effectively limits the damage of potential malicious code.\n</li></ul><br>"}]}], "credits": [{"lang": "en", "value": "CISA", "type": "coordinator"}, {"lang": "en", "value": "kimiya working with Trend Micro Zero Day Initiative", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}