PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-58126 Hyland CVE debrief

CVE-2026-58126 is a critical vulnerability in PACSgear PACS Scan 5.2.1, allowing unauthenticated remote code execution. The vulnerability is caused by an exposed .NET Remoting TCP service on port 22222, which can be exploited to read and write arbitrary files. This can be chained with DLL hijacking to achieve remote code execution as NT Authority SYSTEM. The vulnerability has a CVSS score of 9.3 and is considered critical. Organizations using PACSgear PACS Scan 5.2.1 should prioritize patching this vulnerability to prevent potential remote code execution attacks.

Vendor
Hyland
Product
PACSgear PACS Scan
CVSS
CRITICAL 9.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-01
Original CVE updated
2026-07-09
Advisory published
2026-07-01
Advisory updated
2026-07-09

Who should care

Organizations using PACSgear PACS Scan 5.2.1 should prioritize patching this vulnerability to prevent potential remote code execution attacks. This requires coordination with IT teams to ensure timely application of security patches and to assess the current vulnerability management processes. Additionally, security teams should review and update their vulnerability management policies to include checks for this specific vulnerability. Operators and platform administrators must be informed about the risks associated with this vulnerability and the necessary steps for mitigation.

Technical summary

The vulnerability is caused by an exposed .NET Remoting TCP service on port 22222 in PACSgear PACS Scan 5.2.1. This service allows remote attackers to read and write arbitrary files without authentication. By chaining this with DLL hijacking in PGImageExchangeQueueSvc.exe, attackers can achieve remote code execution as NT Authority SYSTEM upon service restart. The exposed service and lack of authentication enable attackers to exploit this vulnerability easily. Organizations must ensure that the .NET Remoting TCP service is properly secured or disabled if not required. Implementing compensating controls such as network segmentation and monitoring can help mitigate the risk until a patch is applied.

Defensive priority

High

Recommended defensive actions

  • Apply the vendor-provided patch for PACSgear PACS Scan 5.2.1
  • Disable the .NET Remoting TCP service on port 22222 if not required
  • Implement compensating controls such as network segmentation and monitoring
  • Verify and restrict access to the affected service
  • Monitor for suspicious activity and implement exception tracking

Evidence notes

The CVE record was published on 2026-07-01T16:16:51.283Z and last modified on 2026-07-09T02:38:07.410Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects PACSgear PACS Scan 5.2.1 and allows unauthenticated remote code execution. The CVE record and NVD entry provide additional context on the vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-01T16:16:51.283Z and has not been modified since then. The NVD entry is currently Analyzed.