Severity: CRITICAL | CVE-2026-26142 | CNA: microsoft

CVE-2026-26142: Nuance PowerScribe Remote Code Execution Vulnerability

Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.

Metrics

CVSS v3.1: 9.8
Severity: CRITICAL
Fixed in: 7.0.11.49
Affected Products: 22

HarborGuard Analysis

Synopsis

Deserialization of untrusted data in Nuance PowerScribe 360 (versions 4.0 through 4.0.7) allows a remote attacker with no authentication to execute arbitrary code on the server. The vulnerability is reachable over the network and requires no user interaction, making it trivially exploitable by anyone with access to the service endpoint. Successful exploitation gives the attacker full control over the affected host, including the ability to read, modify, or destroy data and disrupt service availability. Patched-image rebuilds at the applicable fix versions are available on HarborGuard for environments running affected versions.

HarborGuard Coverage

Detection

Detection capability for CVE-2026-26142 is available across every HarborGuard environment, with the CVE matched against images in customer registries and CI/CD pipelines within minutes of feed ingestion, including custom-built images that bundle PowerScribe 360 components. Coverage extends to all affected version ranges across the 4.0 through 4.0.7 release lines.

Status: Available

Triage

HarborGuard is capable of scoring this finding at CVSS 9.8 (Critical) and weighting it against each environment's compliance policy to determine urgency and ownership. Triage routing to the appropriate team inbox within each customer organization is available as part of the standard pipeline workflow.

Status: Available

Patch

Patched-image rebuilds at the applicable fix versions (7.0.11.49 through 7.0.316.12, depending on the affected branch) are available on HarborGuard for environments running any affected PowerScribe 360 version. For customers who opt into auto-remediation, HarborGuard can perform a rebuild, run a regression test suite, and open a pull request against affected workloads automatically; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes for environments with auto-remediation enabled.

Status: Available

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the PowerScribe 360 service over the network; the vulnerability is exposed via a network-accessible endpoint (AV:N).

  • Authentication: Not required

    No account or credentials of any kind are needed; the malicious deserialization payload can be submitted by any unauthenticated caller (PR:N).

  • Victim interaction: Not required

    The attacker does not need a user to click a link, open a file, or take any other action; exploitation is fully server-side (UI:N).

  • Attack complexity: Detail

    Exploitation is reliable and condition-free; no race conditions, memory-layout knowledge, or environmental factors are required (AC:L).

Blast Radius

  • A successful attacker gains remote code execution on the PowerScribe 360 server, enabling arbitrary command execution under the application's process identity.
  • All data accessible to the server process, including radiology reports and stored credentials, can be read by the attacker (C:H).
  • The attacker can modify or delete persisted data such as patient reports, configuration, and database records (I:H).
  • The attacker can crash or otherwise disrupt the PowerScribe 360 service, making it unavailable to clinical users (A:H).

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-26142 fires against any image found to contain an affected PowerScribe 360 version, across all registered registries and pipeline stages. Given the CVSS 9.8 Critical rating and the zero-authentication, over-the-network exploit path, HarborGuard prioritizes this finding at the highest triage tier. Where compliance policy permits, auto-remediation customers receive a rebuilt image at the appropriate fix version, a regression test run, and a pull request opened against affected workloads; for critical-severity issues, median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Customers who have not opted into auto-remediation are encouraged to apply the relevant fix version for their release branch as a priority, and to evaluate network-policy controls that restrict which callers can reach the PowerScribe 360 endpoint while the patch is staged for deployment.

Fix available

  • 7.0.11.49, 7.0.111.68, 7.0.154.18, 7.0.197.10, 7.0.212.10, 7.0.243.19, 7.0.277.28, 7.0.316.12, 7.0.427.15, 7.0.528.24
  • 2019.1.96.6, 2019.2.9.11, 2019.3.16.21, 2019.4.9.17, 2019.5.14.40, 2019.6.36.40, 2019.7.107.26, 2019.8.43.19, 2019.9.31.23, 2019.10.36.14
  • 2023.2.3054, 2023.3.9072

Affected packages
  • Microsoft / Nuance PowerScribe 360 4.0
    < 7.0.11.49 (from 4.0)
  • Microsoft / Nuance PowerScribe 360 version 4.0.1
    < 7.0.111.68 (from 4.0.1)
  • Microsoft / Nuance PowerScribe 360 version 4.0.2
    < 7.0.154.18 (from 4.0.2)
  • Microsoft / Nuance PowerScribe 360 version 4.0.3
    < 7.0.197.10 (from 4.0.3)
  • Microsoft / Nuance PowerScribe 360 version 4.0.4
    < 7.0.212.10 (from 4.0.4)
  • Microsoft / Nuance PowerScribe 360 version 4.0.5
    < 7.0.243.19 (from 4.0.5)
  • Microsoft / Nuance PowerScribe 360 version 4.0.6
    < 7.0.277.28 (from 4.0.6)
  • Microsoft / Nuance PowerScribe 360 version 4.0.7
    < 7.0.316.12 (from 4.0.7)
  • Microsoft / Nuance PowerScribe 360 version 4.0.8
    < 7.0.427.15 (from 4.0.8)
  • Microsoft / Nuance PowerScribe 360 version 4.0.9
    < 7.0.528.24 (from 4.0.9)
  • Microsoft / Nuance PowerScribe One version 2019.1
    < 2019.1.96.6 (from 2019.1)
  • Microsoft / Nuance PowerScribe One version 2019.10
    < 2019.10.36.14 (from 2019.10)
  • Microsoft / Nuance PowerScribe One version 2019.2
    < 2019.2.9.11 (from 2019.2)
  • Microsoft / Nuance PowerScribe One version 2019.3
    < 2019.3.16.21 (from 2019.3)
  • Microsoft / Nuance PowerScribe One version 2019.4
    < 2019.4.9.17 (from 2019.4)
  • Microsoft / Nuance PowerScribe One version 2019.5
    < 2019.5.14.40 (from 2019.5)
  • Microsoft / Nuance PowerScribe One version 2019.6
    < 2019.6.36.40 (from 2019.6)
  • Microsoft / Nuance PowerScribe One version 2019.7
    < 2019.7.107.26 (from 2019.7)
  • Microsoft / Nuance PowerScribe One version 2019.8
    < 2019.8.43.19 (from 2019.8)
  • Microsoft / Nuance PowerScribe One version 2019.9
    < 2019.9.31.23 (from 2019.9)
  • Microsoft / PowerScribe One version 2023.1 SP2 Patch 11
    < 2023.2.3054 (from 2023.1)
  • Microsoft / PowerScribe One version 2023.1 SP3 Patch 6
    < 2023.3.9072 (from 2023.1)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C