Skip to main content

Pacsgear Mediawriter

1 CVEs product

Monthly

CVE-2026-58127 CRITICAL POC Act Now

Unauthenticated remote code execution as SYSTEM affects Hyland PACSgear MediaWriter 5.2.1, which exposes an unauthenticated .NET Remoting TCP service (PacsgearMediaServerEngine.dll) on port 9000. Remote attackers abuse the MarshalByRefObject unmarshalling technique against the default ObjectURIs (RemoteObj/UIRemoteObj) to gain an arbitrary file read/write primitive, then chain it with DLL hijacking to execute code as NT AUTHORITY\SYSTEM. Publicly available exploit code exists (published by VulnCheck), making this a high-priority issue despite no CISA KEV listing at time of analysis.

Authentication Bypass RCE Pacsgear Mediawriter
NVD GitHub
CVSS 4.0
9.3
EPSS
0.8%
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

Unauthenticated remote code execution as SYSTEM affects Hyland PACSgear MediaWriter 5.2.1, which exposes an unauthenticated .NET Remoting TCP service (PacsgearMediaServerEngine.dll) on port 9000. Remote attackers abuse the MarshalByRefObject unmarshalling technique against the default ObjectURIs (RemoteObj/UIRemoteObj) to gain an arbitrary file read/write primitive, then chain it with DLL hijacking to execute code as NT AUTHORITY\SYSTEM. Publicly available exploit code exists (published by VulnCheck), making this a high-priority issue despite no CISA KEV listing at time of analysis.

Authentication Bypass RCE Pacsgear Mediawriter
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy