Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted path that matches the improperly terminated search criteria of rvia's Java search using the find command.
https://support.raynet.de/hc/en-us/articles/46163206384788-RSEC200967-Java-Detection-Path-Traversal
https://github.com/Wise-Security/CVE-2026-38945/blob/main/CVE-2026-38945.sh