CVE-2026-58126
Received Received - Intake

Unauthenticated Remote Code Execution in PACSgear PACS Scan 5.2.1

Vulnerability report for CVE-2026-58126, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: VulnCheck

Description

PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can chain the arbitrary file write primitive with DLL hijacking in PGImageExchangeQueueSvc.exe, which loads missing DLLs such as CRYPTSP.DLL from the application directory, to achieve remote code execution as NT Authority\SYSTEM upon service restart.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-01
Last Modified
2026-07-01
Generated
2026-07-01
AI Q&A
2026-07-01
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
hyland pacsgear_pacs_scan 5.2.1
hyland pacsgear_pacs_scan to 5.2.1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-58126 is a critical vulnerability in PACSgear PACS Scan version 5.2.1 and below that allows unauthenticated remote attackers to execute arbitrary code on the affected system.

The vulnerability arises because the application exposes a .NET Remoting TCP service on port 22222 via the PGImageExchQueue.exe process without any authentication checks. Attackers can exploit this to read and write arbitrary files on the system.

By leveraging the arbitrary file write capability, attackers can perform DLL hijacking in the PGImageExchangeQueueSvc.exe service, which loads missing DLLs such as CRYPTSP.DLL from the application directory. By replacing these DLLs with malicious payloads, attackers can achieve remote code execution with SYSTEM privileges when the service restarts.

Impact Analysis

This vulnerability can have severe impacts including full system compromise.

  • Attackers can remotely execute code as NT Authority\SYSTEM, the highest privilege level on Windows systems.
  • They can read and write arbitrary files without any authentication, potentially leading to data theft, data manipulation, or destruction.
  • The system can be fully controlled by attackers, allowing them to install malware, create backdoors, or disrupt services.
Detection Guidance

This vulnerability can be detected by identifying if the PACSgear PACS Scan 5.2.1 or below is running and if the .NET Remoting TCP service is exposed on port 22222 without authentication.

You can scan your network or system for open TCP port 22222 to check if the vulnerable service is exposed.

  • Use a network scanning tool like nmap: nmap -p 22222 <target-ip>
  • Check running processes for PGImageExchQueue.exe which registers the .NET Remoting service.
  • Attempt to connect to the .NET Remoting service on port 22222 to verify if it responds without authentication.
Mitigation Strategies

Immediate mitigation steps include restricting access to port 22222 to trusted hosts only, such as by firewall rules or network segmentation, to prevent unauthenticated remote access.

If possible, stop or disable the PGImageExchQueue.exe service or the associated .NET Remoting TCP service until a patch or update is applied.

Apply any available patches or updates from the vendor to upgrade PACSgear PACS Scan to a version that fixes this vulnerability.

Monitor for suspicious activity such as unexpected file writes or service restarts that could indicate exploitation attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-58126. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart