PT-2026-54908 · Pacsgear · Pacsgear Pacs Scan

Jan A. Rodriguez · Published 2026-07-01 · Updated 2026-07-02 · CVE-2026-58126

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PACSgear PACS Scan version 5.2.1

Description

An unauthenticated remote code execution issue exists due to an exposed .NET Remoting TCP service on port 22222 used by PGImageExchQueue.exe. The flaw stems from insecure remoting endpoints and improper authentication and access control, allowing remote attackers to read and write arbitrary files. This capability can be chained with DLL hijacking in PGImageExchangeQueueSvc.exe, which loads missing DLLs such as CRYPTSP.DLL from the application directory. Upon service restart, this allows for remote code execution with NT AUTHORITY\SYSTEM privileges, potentially leading to complete host takeover, lateral movement, and data theft in clinical imaging environments.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
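
A read-only host check for the two conditions in the description, as an added example that is not code from the vendor or from this advisory: it reports whether TCP 22222 is listening beyond loopback, and lists DLLs in the application directory whose names also exist in System32 (generalizing from CRYPTSP.DLL). `$AppDir` is a placeholder, since the page does not give the install path.

```powershell
param(
    # ASSUMPTION: placeholder; set to the real PACS Scan install directory.
    [string]$AppDir = 'C:\PLACEHOLDER\PacsScanInstallDir',
    [int]$Port = 22222    # .NET Remoting port named in the advisory
)

# 1. Is anything listening on the remoting port, and on which addresses?
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
if ($listeners.Count -eq 0) {
    Write-Output "No listener on TCP $Port."
} else {
    $listeners | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            Process      = $proc.ProcessName
            # A non-loopback bind is reachable from the network unless a firewall filters it.
            NetworkBound = $_.LocalAddress -notin @('127.0.0.1', '::1')
        }
    } | Format-Table -AutoSize
}

# 2. DLLs in the application directory that share a name with a System32 DLL.
#    A process that searches its own directory first loads these copies instead.
$sys32 = Join-Path $env:SystemRoot 'System32'
if (-not (Test-Path -LiteralPath $AppDir)) {
    Write-Output "Application directory not found: $AppDir"
} else {
    $shadowed = @(Get-ChildItem -LiteralPath $AppDir -Filter '*.dll' -File |
        Where-Object { Test-Path -LiteralPath (Join-Path $sys32 $_.Name) })
    if ($shadowed.Count -eq 0) {
        Write-Output "No DLL in $AppDir shares a name with a System32 DLL."
    } else {
        $shadowed | ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                File      = $_.Name
                Signature = $sig.Status
                Signer    = $sig.SignerCertificate.Subject
                LastWrite = $_.LastWriteTime
            }
        } | Format-Table -AutoSize
    }
}
```

Some applications legitimately ship DLLs whose names match System32 files, so treat each row as something to review: an unsigned or recently written file deserves attention first.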

Exploit

RCE

Deserialization of Untrusted Data

Missing Authentication


Weakness Enumeration

Related Identifiers

CVE-2026-58126

Affected Products

Pacsgear Pacs Scan