FKIE_CVE-2026-26142
Vulnerability from fkie_nvd - Published: 2026-06-09 17:17 - Updated: 2026-06-29 15:19
Severity
Summary
Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26142 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | nuance_powerscribe_360 | 4.0.0 | |
| microsoft | nuance_powerscribe_360 | 4.0.1 | |
| microsoft | nuance_powerscribe_360 | 4.0.2 | |
| microsoft | nuance_powerscribe_360 | 4.0.3 | |
| microsoft | nuance_powerscribe_360 | 4.0.4 | |
| microsoft | nuance_powerscribe_360 | 4.0.5 | |
| microsoft | nuance_powerscribe_360 | 4.0.6 | |
| microsoft | nuance_powerscribe_360 | 4.0.7 | |
| microsoft | nuance_powerscribe_360 | 4.0.8 | |
| microsoft | nuance_powerscribe_360 | 4.0.9 | |
| microsoft | nuance_powerscribe_one | 2019.1 | |
| microsoft | nuance_powerscribe_one | 2019.2 | |
| microsoft | nuance_powerscribe_one | 2019.3 | |
| microsoft | nuance_powerscribe_one | 2019.4 | |
| microsoft | nuance_powerscribe_one | 2019.5 | |
| microsoft | nuance_powerscribe_one | 2019.6 | |
| microsoft | nuance_powerscribe_one | 2019.7 | |
| microsoft | nuance_powerscribe_one | 2019.8 | |
| microsoft | nuance_powerscribe_one | 2019.9 | |
| microsoft | nuance_powerscribe_one | 2019.10 | |
| microsoft | nuance_powerscribe_one | 2023.1 | |
| microsoft | nuance_powerscribe_one | 2023.1 |
{
"affected": [
{
"affectedData": [
{
"product": "Nuance PowerScribe 360 4.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.11.49",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe 360 version 4.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.111.68",
"status": "affected",
"version": "4.0.1",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe 360 version 4.0.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.154.18",
"status": "affected",
"version": "4.0.2",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe 360 version 4.0.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.197.10",
"status": "affected",
"version": "4.0.3",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe 360 version 4.0.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.212.10",
"status": "affected",
"version": "4.0.4",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe 360 version 4.0.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.243.19",
"status": "affected",
"version": "4.0.5",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe 360 version 4.0.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.277.28",
"status": "affected",
"version": "4.0.6",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe 360 version 4.0.7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.316.12",
"status": "affected",
"version": "4.0.7",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe 360 version 4.0.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.427.15",
"status": "affected",
"version": "4.0.8",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe 360 version 4.0.9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.528.24",
"status": "affected",
"version": "4.0.9",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.1.96.6",
"status": "affected",
"version": "2019.1",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.10.36.14",
"status": "affected",
"version": "2019.10",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.2.9.11",
"status": "affected",
"version": "2019.2",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.3.16.21",
"status": "affected",
"version": "2019.3",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.4.9.17",
"status": "affected",
"version": "2019.4",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.5.14.40",
"status": "affected",
"version": "2019.5",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.6.36.40",
"status": "affected",
"version": "2019.6",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.7.107.26",
"status": "affected",
"version": "2019.7",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.8.43.19",
"status": "affected",
"version": "2019.8",
"versionType": "custom"
}
]
},
{
"product": "Nuance PowerScribe One version 2019.9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2019.9.31.23",
"status": "affected",
"version": "2019.9",
"versionType": "custom"
}
]
},
{
"product": "PowerScribe One version 2023.1 SP2 Patch 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2023.2.3054",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"product": "PowerScribe One version 2023.1 SP3 Patch 6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2023.3.9072",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
}
],
"source": "secure@microsoft.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4505FF36-5D27-40BD-9BB1-F426E1F22108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A11285B4-4EC6-4BF1-8A1B-47FF97C4FDB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "338738D0-96CD-408B-B782-1C5BA01B3753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B5C5313-39F8-4C4C-A789-E64F2AD7D150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E14BBD-F77C-4946-A4C9-143E47299977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF04E38-FD09-4B6B-B5CF-F0F49982CF1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "463A6A94-C936-44B4-B4B6-6C88A93F1D37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "98EC89A0-23EE-4638-A2C3-4C4D917DA9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "67F8EF7B-FE3C-42FE-A00B-40E7CFCDA961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_360:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F5B27622-02CA-4374-91B8-52BED59F92EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62329468-E85C-4A3C-A0BF-8BA11941DED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EDC600D-8637-4BAB-AC7D-A9D95B03DAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47AC5A9D-8016-4BDB-9D8F-098CFD93855A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B6B794A-C467-411D-9468-A7ADDA7D6157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.5:*:*:*:*:*:*:*",
"matchCriteriaId": "870B35F1-75F2-4EBB-A4C5-F6C3118BBC25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.6:*:*:*:*:*:*:*",
"matchCriteriaId": "548FC39C-8C08-4285-A5FC-0785738C4471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4F44CAAE-A020-4F81-BF96-48F9D6559A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EA71CDB3-269C-4EE8-9F46-FD7CC1284B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F374C80B-0336-4687-879B-1745234B9E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.10:*:*:*:*:*:*:*",
"matchCriteriaId": "682143B4-04BA-4C11-AAE8-E687B6BE4688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2023.1:sp2_patch_11:*:*:*:*:*:*",
"matchCriteriaId": "75FC9AE7-A491-4C3C-8D23-5E11F0F14265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2023.1:sp3_patch_6:*:*:*:*:*:*",
"matchCriteriaId": "CD88F6EF-23D2-41FF-A1BC-0EEB19CE17FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network."
}
],
"id": "CVE-2026-26142",
"lastModified": "2026-06-29T15:19:35.997",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-26142",
"options": [
{
"exploitation": "none"
},
{
"automatable": "yes"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T14:25:12.399806Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-09T17:17:03.087",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26142"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…