CVE-2026-26142

CRITICAL

Nuance PowerScribe Remote Code Execution Vulnerability

Title source: cna
STIX 2.1

Description

Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
Nuance PowerScribe Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26142

Scores

CVSS v3 9.8
EPSS 0.0115
EPSS Percentile 62.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-502
Status published
Products (22)
Microsoft/Nuance PowerScribe 360 4.0 4.0 - 7.0.11.49
Microsoft/Nuance PowerScribe 360 version 4.0.1 4.0.1 - 7.0.111.68
Microsoft/Nuance PowerScribe 360 version 4.0.2 4.0.2 - 7.0.154.18
Microsoft/Nuance PowerScribe 360 version 4.0.3 4.0.3 - 7.0.197.10
Microsoft/Nuance PowerScribe 360 version 4.0.4 4.0.4 - 7.0.212.10
Microsoft/Nuance PowerScribe 360 version 4.0.5 4.0.5 - 7.0.243.19
Microsoft/Nuance PowerScribe 360 version 4.0.6 4.0.6 - 7.0.277.28
Microsoft/Nuance PowerScribe 360 version 4.0.7 4.0.7 - 7.0.316.12
Microsoft/Nuance PowerScribe 360 version 4.0.8 4.0.8 - 7.0.427.15
Microsoft/Nuance PowerScribe 360 version 4.0.9 4.0.9 - 7.0.528.24
... and 12 more
Published Jun 09, 2026
Tracked Since Jun 09, 2026