VULNERABILITY OVERVIEW
Deserialization of untrusted data (CWE-502) in Nuance PowerScribe, the dominant radiology dictation and reporting platform, allows an unauthenticated attacker to execute arbitrary code over the network; no credentials and no user interaction are required. Fixes are distributed through the Nuance support portal rather than Windows Update, so WSUS and Windows Update compliance reporting will not surface unpatched hosts, and exposure in healthcare environments has to be established from an installed-software inventory instead. Exploitation risk is high given the platform's direct connectivity to PACS and clinical imaging systems.
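Since the fix does not flow through Windows Update, the practical check is to triage an installed-software inventory against the version ranges given under AFFECTED VERSIONS. The script below is an added example written for this page, not Nuance or Microsoft code: it classifies each inventory row as AFFECTED, PATCHED, UNKNOWN or NOT_APPLICABLE. The inventory it reads is constructed sample data, and two things are assumptions rather than facts from the advisory: that the minor component of a PowerScribe One build string identifies the service-pack branch (2023.2.* for SP2, 2023.3.* for SP3, mirroring the cited fixed builds), and that product names in the inventory contain "PowerScribe One" or "PowerScribe 360".

```python
"""Triage an installed-software inventory for CVE-2026-26142 exposure.

Added example, not Nuance or Microsoft code. Affected ranges and fixed
builds are taken from the AFFECTED VERSIONS section of this page; the
inventory below is constructed sample data, and the assumptions about
build-string layout and product names are marked inline.
"""
import csv
import io
import re

# Fixed builds named on the page, keyed by (major, minor).
# ASSUMPTION: the minor component of a PowerScribe One build string identifies
# the service-pack branch (2023.2.* = SP2, 2023.3.* = SP3), mirroring the cited
# fixed build numbers. Confirm against a known-patched install before relying on it.
PS_ONE_FIXED = {
    (2023, 2): (2023, 2, 3054),   # SP2 Patch 11
    (2023, 3): (2023, 3, 9072),   # SP3 Patch 6
}

_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:\.(\d+))?$")


def parse_version(text):
    """'2023.3.9072' -> (2023, 3, 9072, 0); missing components read as 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(p) if p is not None else 0 for p in m.groups())


def assess_powerscribe_one(version):
    """Classify a PowerScribe One build as AFFECTED, PATCHED or UNKNOWN."""
    major, minor, build, _ = parse_version(version)
    if major == 2019:
        # 2019.1 through 2019.10 are listed as affected; no fixed build is given.
        return "AFFECTED" if 1 <= minor <= 10 else "UNKNOWN"
    if major == 2023:
        if minor <= 1:
            # 2023.1 base release with no service pack: below either fixed build.
            return "AFFECTED"
        fixed = PS_ONE_FIXED.get((major, minor))
        if fixed is None:
            return "UNKNOWN"   # service-pack branch not covered by the advisory text
        return "PATCHED" if (major, minor, build) >= fixed else "AFFECTED"
    return "UNKNOWN"


def assess_powerscribe_360(version):
    """Classify a PowerScribe 360 Reporting version: 4.0 through 4.0.9 are affected."""
    major, minor, build, _ = parse_version(version)
    if major == 4 and minor == 0:
        return "AFFECTED" if build <= 9 else "UNKNOWN"
    return "UNKNOWN"


def assess(product, version):
    """Route on product name. ASSUMPTION: names contain 'PowerScribe One' or
    'PowerScribe 360'; real DisplayName strings may differ, so adjust the match."""
    name = product.lower()
    if "powerscribe one" in name:
        return assess_powerscribe_one(version)
    if "powerscribe 360" in name:
        return assess_powerscribe_360(version)
    return "NOT_APPLICABLE"


def triage_inventory(csv_text):
    """Return one dict per inventory row with a 'status' column added."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        rows.append({**row, "status": assess(row["product"], row["version"])})
    return rows


# Constructed sample inventory (hostnames, product names and builds are made up).
SAMPLE_INVENTORY = """host,product,version
rad-ws-01,PowerScribe One,2023.3.9072
rad-ws-02,PowerScribe One,2023.3.8800
rad-ws-03,PowerScribe One,2023.2.3054
rad-ws-04,PowerScribe One,2023.2.2990
rad-ws-05,PowerScribe One,2019.7.1200
rad-srv-01,PowerScribe 360 Reporting,4.0.9
rad-srv-02,PowerScribe 360 Reporting,4.1.0
ris-app-01,Example RIS Client,7.2.1
"""

if __name__ == "__main__":
    for r in triage_inventory(SAMPLE_INVENTORY):
        print(f"{r['host']:<12} {r['product']:<28} {r['version']:<14} {r['status']}")
```

On the Windows hosts themselves, the product and version columns can be collected by reading DisplayName and DisplayVersion from the Uninstall registry keys (HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its Wow6432Node counterpart) with Get-ItemProperty; whether the DisplayVersion there carries the service-pack build number, or only the marketing version such as 2023.1, is something to confirm on one known-patched machine before trusting the PATCHED verdicts. Rows that come back UNKNOWN are builds the advisory text does not cover and need a manual check against the vendor bulletin.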
CVSS BREAKDOWN
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Impact: C:H · I:H · A:H (confidentiality, integrity and availability all High)
Vector string (CVSS 3.x, derived from the metrics above): AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8
AFFECTED VERSIONS
- PowerScribe One 2019.1 through 2019.10
- PowerScribe One 2023.1 prior to the fixed build for its service-pack branch: SP3 Patch 6 (build 2023.3.9072) or SP2 Patch 11 (build 2023.2.3054)
- PowerScribe 360 Reporting 4.0 through 4.0.9

CITATIONS
- https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-26142
- https://ap7i.com/posts/microsoft-june-2026-patch-tuesday/
- https://www.crowdstrike.com/en-us/blog/patch-tuesday-analysis-june-2026/
- https://blog.talosintelligence.com/microsoft-patch-tuesday-for-june-2026-snort-rules-and-prominent-vulnerabilities/