CVE-2026-26142
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Summary
Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Nuance PowerScribe 360 4.0 | 4.0 < 7.0.11.49 | affected |
| Microsoft | Nuance PowerScribe 360 version 4.0.1 | 4.0.1 < 7.0.111.68 | affected |
| Microsoft | Nuance PowerScribe 360 version 4.0.2 | 4.0.2 < 7.0.154.18 | affected |
| Microsoft | Nuance PowerScribe 360 version 4.0.3 | 4.0.3 < 7.0.197.10 | affected |
| Microsoft | Nuance PowerScribe 360 version 4.0.4 | 4.0.4 < 7.0.212.10 | affected |
| Microsoft | Nuance PowerScribe 360 version 4.0.5 | 4.0.5 < 7.0.243.19 | affected |
| Microsoft | Nuance PowerScribe 360 version 4.0.6 | 4.0.6 < 7.0.277.28 | affected |
| Microsoft | Nuance PowerScribe 360 version 4.0.7 | 4.0.7 < 7.0.316.12 | affected |
| Microsoft | Nuance PowerScribe 360 version 4.0.8 | 4.0.8 < 7.0.427.15 | affected |
| Microsoft | Nuance PowerScribe 360 version 4.0.9 | 4.0.9 < 7.0.528.24 | affected |
| Microsoft | Nuance PowerScribe One version 2019.1 | 2019.1 < 2019.1.96.6 | affected |
| Microsoft | Nuance PowerScribe One version 2019.10 | 2019.10 < 2019.10.36.14 | affected |
| Microsoft | Nuance PowerScribe One version 2019.2 | 2019.2 < 2019.2.9.11 | affected |
| Microsoft | Nuance PowerScribe One version 2019.3 | 2019.3 < 2019.3.16.21 | affected |
| Microsoft | Nuance PowerScribe One version 2019.4 | 2019.4 < 2019.4.9.17 | affected |
| Microsoft | Nuance PowerScribe One version 2019.5 | 2019.5 < 2019.5.14.40 | affected |
| Microsoft | Nuance PowerScribe One version 2019.6 | 2019.6 < 2019.6.36.40 | affected |
| Microsoft | Nuance PowerScribe One version 2019.7 | 2019.7 < 2019.7.107.26 | affected |
| Microsoft | Nuance PowerScribe One version 2019.8 | 2019.8 < 2019.8.43.19 | affected |
| Microsoft | Nuance PowerScribe One version 2019.9 | 2019.9 < 2019.9.31.23 | affected |
| Microsoft | PowerScribe One version 2023.1 SP2 Patch 11 | 2023.1 < 2023.2.3054 | affected |
| Microsoft | PowerScribe One version 2023.1 SP3 Patch 6 | 2023.1 < 2023.3.9072 | affected |
Weaknesses
- CWE-502: CWE-502: Deserialization of Untrusted Data
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.