CVE-2026-26142 | THREATINT

Home

Description

Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.

PUBLISHED Reserved 2026-02-11 | Published 2026-06-09 | Updated 2026-06-10 | Assigner microsoft

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-502: Deserialization of Untrusted Data

Product status

4.0 (custom) before 7.0.11.49

affected

4.0.1 (custom) before 7.0.111.68

affected

4.0.2 (custom) before 7.0.154.18

affected

4.0.3 (custom) before 7.0.197.10

affected

4.0.4 (custom) before 7.0.212.10

affected

4.0.5 (custom) before 7.0.243.19

affected

4.0.6 (custom) before 7.0.277.28

affected

4.0.7 (custom) before 7.0.316.12

affected

4.0.8 (custom) before 7.0.427.15

affected

4.0.9 (custom) before 7.0.528.24

affected

2019.1 (custom) before 2019.1.96.6

affected

2019.10 (custom) before 2019.10.36.14

affected

2019.2 (custom) before 2019.2.9.11

affected

2019.3 (custom) before 2019.3.16.21

affected

2019.4 (custom) before 2019.4.9.17

affected

2019.5 (custom) before 2019.5.14.40

affected

2019.6 (custom) before 2019.6.36.40

affected

2019.7 (custom) before 2019.7.107.26

affected

2019.8 (custom) before 2019.8.43.19

affected

2019.9 (custom) before 2019.9.31.23

affected

2023.1 (custom) before 2023.2.3054

affected

2023.1 (custom) before 2023.3.9072

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26142 (Nuance PowerScribe Remote Code Execution Vulnerability) vendor-advisory patch

cve.org (CVE-2026-26142)

nvd.nist.gov (CVE-2026-26142)

Download JSON