RSEC200967: Java Detection Path Traversal

Advisory ID: RSEC200967

CVE Identifier: CVE-2026-38945

Affected products: RayVentory Scan Engine 12.6 Update 8 and previous versions.

Description

The RayVentory Inventory Agent (rvia) was vulnerable to arbitrary code execution through a malformed find command used in Java executable detection. This vulnerability exploited the application's internal search logic rather than standard PATH manipulation.

Technical Details

  • Vulnerability Type: CWE-88 (Improper Neutralization of Argument Delimiters)
  • Attack Vector: Local
  • Impact: Arbitrary Code Execution (ACE)
  • Mechanism: The agent used a find command with improperly terminated search criteria to locate Java installations. Attackers could craft specific directory structures that satisfied the malformed search criteria, causing the agent to execute a malicious binary during the Java detection process.

Severity

  • Rating: Critical
  • CVSS Base Score: [Pending]

Remediation

  • Fixed Version: RayVentory Scan Engine 12.6.3800.131 Update 9 (Released Feb 4, 2026)
  • Changes: Implementation of native file system traversal APIs instead of external shell commands, path normalization, and binary verification prior to execution.

Credits

Vulnerability identified by Rafael José Núñez Gulías of WSG127

Global Timeline

  • Validation: January 16, 2026
  • Patch Development: January 29, 2026
  • Public Release: February 4, 2026

More information

For more information, refer to the Changelog (https://docs.raynet.de/rayventory/scan-engine/12.6-u9/Changelog.pdf).

Author: Alex Graf
Created at:
Last updated at:

Comments

Powered by Zendesk