Skip to main content

Pacsgear Pacs Scan CVE-2026-58126

| EUVDEUVD-2026-41036 CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-07-01 VulnCheck GHSA-v3r5-hc9j-49g7
9.3
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (VulnCheck) · only source for this CVE.

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 01, 2026 - 15:51 vuln.today
CVE Published
Jul 01, 2026 - 14:39 cve.org
CRITICAL 9.3

DescriptionCVE.org

PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can chain the arbitrary file write primitive with DLL hijacking in PGImageExchangeQueueSvc.exe, which loads missing DLLs such as CRYPTSP.DLL from the application directory, to achieve remote code execution as NT Authority\SYSTEM upon service restart.

AnalysisAI

Unauthenticated remote code execution in Hyland PACSgear PACS Scan 5.2.1 lets remote attackers gain SYSTEM-level control of medical imaging servers by abusing an exposed .NET Remoting TCP service (PGImageExchQueue.exe) on port 22222. The exposed service grants arbitrary file read/write with no authentication, which is chained with a DLL hijack in the PGImageExchangeQueueSvc.exe service to run code as NT AUTHORITY\SYSTEM. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

24 hours: Identify all Hyland PACSgear PACS Scan 5.2.1 installations; restrict network access to port 22222 (PGImageExchQueue.exe service) via firewall rules; document business-critical PACS dependencies. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-58126 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy