CVE-2026-5414 | Newgen OmniDocs up to 12.0.00 WebApiRequestRedirection DocumentId resource injection

A vulnerability described as critical has been identified in Newgen OmniDocs up to 12.0.00. Affected by this issue is some unknown functionality of the file /omnidocs/WebApiRequestRedirection. The manipulation of the argument DocumentId results in improper control of resource identifiers.

This vulnerability was named CVE-2026-5414. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5414 | Newgen OmniDocs up to 12.0.00 WebApiRequestRedirection DocumentId resource injection

Post correlati

CVE-2024-12465 | Property Hive Stamp Duty Calculator Plugin up to 1.0.22 on WordPress cross site scripting

CVE-2024-11098 | SVG Block Plugin up to 1.1.24 on WordPress SVG File Upload cross site scripting

CVE-2023-48645 | ARCHIBUS App 4.0.3 on iOS Maintenance Module sql injection

CVE-2026-21715 | Node.js up to 20.20.1/22.22.1/24.14.0/25.8.1 File Existence fs.realpathSync.native information disclosure