Back to overview

CVE-2026-58126

CRITICAL Exploitation: PoC
9.8
CVSS 3.1
Description
PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can chain the arbitrary file write primitive with DLL hijacking in PGImageExchangeQueueSvc.exe, which loads missing DLLs such as CRYPTSP.DLL from the application directory, to achieve remote code execution as NT Authority\SYSTEM upon service restart.

Metadata

CVE ID
CVE-2026-58126
State
PUBLISHED
Assigner
VulnCheck
Reserved
2026-06-29 14:13 UTC
Published
2026-07-01 14:39 UTC
Last updated
2026-07-01 16:06 UTC
Primary CWE
CWE-306
Missing Authentication for Critical Function
Vendor / Product
Hyland / PACSgear PACS Scan
Sources
cve.org  ·  NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC — CISA Coordinator
Exploitation
PoC
Automatable
yes
Tech. Impact
total
Affected products (1)
VendorProductPlatformVersions
Hyland PACSgear PACS Scan 5.2.1
Weakness (CWE)
CWESourceDescription
CWE-306 cna Missing Authentication for Critical Function
CWE-502 cna Deserialization of Untrusted Data
CVSS scores (2)
ScoreSeverityVersionSourceVector
9.8 CRITICAL 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 CRITICAL 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Back to overview