CVE-2026-26142

Summary

Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.

Affected Software

VendorProductVersion RangeStatus
MicrosoftNuance PowerScribe 360 4.04.0 < 7.0.11.49affected
MicrosoftNuance PowerScribe 360 version 4.0.14.0.1 < 7.0.111.68affected
MicrosoftNuance PowerScribe 360 version 4.0.24.0.2 < 7.0.154.18affected
MicrosoftNuance PowerScribe 360 version 4.0.34.0.3 < 7.0.197.10affected
MicrosoftNuance PowerScribe 360 version 4.0.44.0.4 < 7.0.212.10affected
MicrosoftNuance PowerScribe 360 version 4.0.54.0.5 < 7.0.243.19affected
MicrosoftNuance PowerScribe 360 version 4.0.64.0.6 < 7.0.277.28affected
MicrosoftNuance PowerScribe 360 version 4.0.74.0.7 < 7.0.316.12affected
MicrosoftNuance PowerScribe 360 version 4.0.84.0.8 < 7.0.427.15affected
MicrosoftNuance PowerScribe 360 version 4.0.94.0.9 < 7.0.528.24affected
MicrosoftNuance PowerScribe One version 2019.12019.1 < 2019.1.96.6affected
MicrosoftNuance PowerScribe One version 2019.102019.10 < 2019.10.36.14affected
MicrosoftNuance PowerScribe One version 2019.22019.2 < 2019.2.9.11affected
MicrosoftNuance PowerScribe One version 2019.32019.3 < 2019.3.16.21affected
MicrosoftNuance PowerScribe One version 2019.42019.4 < 2019.4.9.17affected
MicrosoftNuance PowerScribe One version 2019.52019.5 < 2019.5.14.40affected
MicrosoftNuance PowerScribe One version 2019.62019.6 < 2019.6.36.40affected
MicrosoftNuance PowerScribe One version 2019.72019.7 < 2019.7.107.26affected
MicrosoftNuance PowerScribe One version 2019.82019.8 < 2019.8.43.19affected
MicrosoftNuance PowerScribe One version 2019.92019.9 < 2019.9.31.23affected
MicrosoftPowerScribe One version 2023.1 SP2 Patch 112023.1 < 2023.2.3054affected
MicrosoftPowerScribe One version 2023.1 SP3 Patch 62023.1 < 2023.3.9072affected

Weaknesses

  • CWE-502: CWE-502: Deserialization of Untrusted Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References