CVE-2026-39906
Published 2026-04-14
Priority: P2 · 72 · critical · 10 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.69% (48.0th percentile)
Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through object-unmarshalling techniques. Attackers can capture the leaked NTLMv2 hash and relay it to other hosts to achieve privilege escalation or lateral movement depending on network configuration and patch level.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| unisys | webperfect_image_suite | — | — |
| unisys | webperfect_image_suite | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | v4.0 | 7.0 | HIGH | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-qhm2-fwj3-3r79: Unisys WebPerfect Image Suite versions 3
ghsa_unreviewed·2026-04-15
CVE-2026-39906 [HIGH] CWE-441 GHSA-qhm2-fwj3-3r79: Unisys WebPerfect Image Suite versions 3
VulDB
Unisys WebPerfect Image Suite 3.0.3960.22604/3.0.3960.22810 Network Configuration target file confused deputy
vuldb·2026-04-14·CVSS 7.0
CVE-2026-39906 [HIGH] Unisys WebPerfect Image Suite 3.0.3960.22604/3.0.3960.22810 Network Configuration target file confused deputy
A vulnerability marked as critical has been reported in Unisys WebPerfect Image Suite 3.0.3960.22604/3.0.3960.22810. Affected by this vulnerability is an unknown functionality of the component Network Configuration Handler. The manipulation of the argument target file leads to unintended intermediary.
This vulnerability is traded as CVE-2026-39906. It is possible to initiate the attack remotely. There is no exploit available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.