Skip to main content

Bartender 2016

1 CVEs product

Monthly

CVE-2026-25550 CRITICAL Act Now

Unauthenticated remote code execution in Seagull Software BarTender 2010, 2016 (<=R9), and 2019 (<=R10) is reachable over TCP/7375 through the BtSystem.Service.exe .NET Remoting endpoint, which runs as NT AUTHORITY\SYSTEM. The exposed singleton uses BinaryServerFormatterSinkProvider with TypeFilterLevel=Full, allowing attackers to abuse deserialization-style object unmarshalling to read/write arbitrary files, coerce NTLMv2 authentication via UNC paths, or pivot to full code execution. No public exploit identified at time of analysis, but the VulnCheck advisory documents the attack primitives in detail.

Authentication Bypass RCE Bartender 2010 Bartender 2016 Bartender 2019
NVD
CVSS 4.0
9.3
EPSS
0.4%
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unauthenticated remote code execution in Seagull Software BarTender 2010, 2016 (<=R9), and 2019 (<=R10) is reachable over TCP/7375 through the BtSystem.Service.exe .NET Remoting endpoint, which runs as NT AUTHORITY\SYSTEM. The exposed singleton uses BinaryServerFormatterSinkProvider with TypeFilterLevel=Full, allowing attackers to abuse deserialization-style object unmarshalling to read/write arbitrary files, coerce NTLMv2 authentication via UNC paths, or pivot to full code execution. No public exploit identified at time of analysis, but the VulnCheck advisory documents the attack primitives in detail.

Authentication Bypass RCE Bartender 2010 +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy