CVE-2026-39906 HIGH

CVE-2026-39906: Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via .NET Remoting

Vendor Unisys
Product WebPerfect Image Suite
Weakness CWE-441
Published April 14, 2026
Last update May 14, 2026

CVSS base score

7.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

What the vulnerability does

01Description

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through object-unmarshalling techniques. Attackers can capture the leaked NTLMv2 hash and relay it to other hosts to achieve privilege escalation or lateral movement depending on network configuration and patch level.

Key dates

02Disclosure timeline

April 14, 2026 CVE published
May 14, 2026 Record updated