CVE-2026-0611
published 2026-06-02CVE-2026-0611: Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a…
PriorityP272critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.66%
47.1th percentile
Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port 8989 that allows attackers to perform arbitrary file read and write operations by supplying valid .NET URI endpoints. Attackers can write ASPX webshells to the IIS wwwroot directory to achieve unauthenticated remote code execution on the system. Port 8989 is not exposed in a default Sentinel installation; exploitation requires that the .NET Remoting port has been explicitly made network-accessible through deliberate configuration or network policy changes.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| spacelabs_healthcare | sentinel | >= 10.5.0 < 11.6.0 | 11.6.0 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.2CRITICALCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Spacelabs Healthcare Sentinel up to 11.5.x NET URI Endpoint missing authentication
vuldb·2026-06-02·CVSS 9.2
CVE-2026-0611 [CRITICAL] Spacelabs Healthcare Sentinel up to 11.5.x NET URI Endpoint missing authentication
A vulnerability was found in Spacelabs Healthcare Sentinel up to 11.5.x. It has been classified as critical. Affected by this issue is some unknown functionality of the component NET URI Endpoint. Performing a manipulation results in missing authentication.
This vulnerability is known as CVE-2026-0611. Remote exploitation of the attack is possible. No exploit is available.
Upgrading the affected component is recommended.
GHSA
Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed
ghsa_unreviewed·2026-06-02
CVE-2026-0611 [CRITICAL] CWE-306 Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed
Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port 8989 that allows attackers to perform arbitrary file read and write operations by supplying valid .NET URI endpoints. Attackers can write ASPX webshells to the IIS wwwroot directory to achieve unauthenticated remote code execution on the system. Port 8989 is not exposed in a default Sentinel installation; exploitation requires that the .NET Remoting port has been explicitly made network-accessible through deliberate configuration or network policy changes.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://spacelabshealthcare.com/products/diagnostic-cardiology/connectivity/sentinelhttps://spacelabshealthcare.com/wp-content/uploads/2026/06/079-0273-00-RevA-Security-Advisory-Sentinel-.NET-Remoting-Vulnerability.pdfhttps://www.vulncheck.com/advisories/spacelabs-healthcare-sentinel-x-unauthenticated-rce-via-net-remotinghttps://spacelabshealthcare.com/wp-content/uploads/2026/06/079-0273-00-RevA-Security-Advisory-Sentinel-.NET-Remoting-Vulnerability.pdf
2026-06-02
Published