CVE-2026-39907

Name of the Vulnerable Software and Affected Versions Unisys WebPerfect Image Suite version 3.0.3960.22810 Unisys WebPerfect Image Suite version 3.0.3960.22604

Description An unauthenticated WCF SOAP endpoint on TCP port 1208 accepts unsanitized file paths in the LFName parameter of the 'ReadLicense' action. This allows remote attackers to submit crafted SOAP requests containing UNC paths, forcing the server to initiate outbound SMB connections. This process leaks NTLMv2 machine-account hashes, which can be relayed for privilege escalation or lateral movement within the network.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.