PatchSiren cyber security CVE debrief
CVE-2026-58126 Hyland CVE debrief
CVE-2026-58126 is a critical vulnerability in PACSgear PACS Scan 5.2.1, allowing unauthenticated remote code execution. The vulnerability is caused by an exposed .NET Remoting TCP service on port 22222, which can be exploited to read and write arbitrary files. This can be chained with DLL hijacking to achieve remote code execution as NT Authority SYSTEM. The vulnerability has a CVSS score of 9.3 and is considered critical. Organizations using PACSgear PACS Scan 5.2.1 should prioritize patching this vulnerability to prevent potential remote code execution attacks.
- Vendor
- Hyland
- Product
- PACSgear PACS Scan
- CVSS
- CRITICAL 9.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-01
- Original CVE updated
- 2026-07-09
- Advisory published
- 2026-07-01
- Advisory updated
- 2026-07-09
Who should care
Organizations using PACSgear PACS Scan 5.2.1 should prioritize patching this vulnerability to prevent potential remote code execution attacks. This requires coordination with IT teams to ensure timely application of security patches and to assess the current vulnerability management processes. Additionally, security teams should review and update their vulnerability management policies to include checks for this specific vulnerability. Operators and platform administrators must be informed about the risks associated with this vulnerability and the necessary steps for mitigation.
Technical summary
The vulnerability is caused by an exposed .NET Remoting TCP service on port 22222 in PACSgear PACS Scan 5.2.1. This service allows remote attackers to read and write arbitrary files without authentication. By chaining this with DLL hijacking in PGImageExchangeQueueSvc.exe, attackers can achieve remote code execution as NT Authority SYSTEM upon service restart. The exposed service and lack of authentication enable attackers to exploit this vulnerability easily. Organizations must ensure that the .NET Remoting TCP service is properly secured or disabled if not required. Implementing compensating controls such as network segmentation and monitoring can help mitigate the risk until a patch is applied.
Defensive priority
High
Recommended defensive actions
- Apply the vendor-provided patch for PACSgear PACS Scan 5.2.1
- Disable the .NET Remoting TCP service on port 22222 if not required
- Implement compensating controls such as network segmentation and monitoring
- Verify and restrict access to the affected service
- Monitor for suspicious activity and implement exception tracking
Evidence notes
The CVE record was published on 2026-07-01T16:16:51.283Z and last modified on 2026-07-09T02:38:07.410Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects PACSgear PACS Scan 5.2.1 and allows unauthenticated remote code execution. The CVE record and NVD entry provide additional context on the vulnerability.
Official resources
-
CVE-2026-58126 CVE record
CVE.org
-
CVE-2026-58126 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Exploit, Third Party Advisory
-
Source reference
[email protected] - Product
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-01T16:16:51.283Z and has not been modified since then. The NVD entry is currently Analyzed.