CVE-2026-0611

Name of the Vulnerable Software and Affected Versions Spacelabs Healthcare Sentinel versions 10.5.x and higher Spacelabs Healthcare Sentinel versions prior to 11.6.0

Description An unauthenticated remote code execution issue exists via a deprecated .NET Remoting HTTP channel exposed on port 8989. This allows attackers to perform arbitrary file read and write operations by providing valid .NET URI endpoints. By writing ASPX webshells to the IIS wwwroot directory, an attacker can achieve remote code execution on the system. This requires that port 8989 has been explicitly made network-accessible through configuration or network policy changes, as it is not exposed by default.

Recommendations Update Spacelabs Healthcare Sentinel to version 11.6.0 or later. Restrict network access to port 8989 to prevent unauthorized access to the .NET Remoting channel.