CVE-2026-58126
Severity: Critical, CVSS 9.8
Exploitation Probability (EPSS): Elevated risk, 50th percentile (higher than 50% of all known CVEs)
Summary
PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can chain the arbitrary file write primitive with DLL hijacking in PGImageExchangeQueueSvc.exe, which loads missing DLLs such as CRYPTSP.DLL from the application directory, to achieve remote code execution as NT Authority\SYSTEM upon service restart.
Risk Assessment
The organization is at risk of complete system compromise by an unauthenticated attacker, potentially leading to data theft, malware installation, or service disruption.
Recommendation
Immediately disable or secure access to port 22222, update PACSgear software to the latest version, and implement authentication and access control mechanisms for .NET Remoting services.
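A host-side check for the two conditions described above, as an added example that is not from NVD or the vendor: it reports any listener on TCP 22222 and any DLL in the application directory whose name matches a System32 DLL (the CRYPTSP.DLL pattern). The install path is a placeholder to be replaced, and Get-NetTCPConnection assumes Windows 8 / Server 2012 or later.

```powershell
# Added example. $AppDir is a placeholder (the advisory does not give the
# install path); set it to the directory holding PGImageExchangeQueueSvc.exe.
param(
    [string]$AppDir = 'C:\PLACEHOLDER\PACSgear',
    [int]$Port = 22222
)

# 1. Report every listener on the .NET Remoting port and whether it is
#    bound to loopback only or to an address other hosts can reach.
$listeners = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
foreach ($l in $listeners) {
    $proc  = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    $scope = if ($l.LocalAddress -in '127.0.0.1', '::1') { 'loopback only' }
             else { 'reachable from the network' }
    [pscustomobject]@{
        Check = 'Listener'
        Item  = "$($l.LocalAddress):$Port"
        Note  = "$scope, owned by $($proc.ProcessName) (PID $($l.OwningProcess))"
    }
}

# 2. Report DLLs in the application directory that share a name with a
#    System32 DLL. A file such as CRYPTSP.DLL here would be loaded by the
#    service instead of the system copy, so each hit needs an explanation.
$system32 = Join-Path $env:SystemRoot 'System32'
if (Test-Path -LiteralPath $AppDir) {
    Get-ChildItem -LiteralPath $AppDir -Filter *.dll -File |
        Where-Object { Test-Path -LiteralPath (Join-Path $system32 $_.Name) } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Check = 'Shadowing DLL'
                Item  = $_.FullName
                Note  = "signature $($sig.Status), last written $($_.LastWriteTimeUtc.ToString('u'))"
            }
        }
} else {
    Write-Warning "Application directory not found: $AppDir"
}
```

No output means neither condition was observed on this host at the time of the check; it does not show that the service is patched.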
Original NVD description (English source)
PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can chain the arbitrary file write primitive with DLL hijacking in PGImageExchangeQueueSvc.exe, which loads missing DLLs such as CRYPTSP.DLL from the application directory, to achieve remote code execution as NT Authority\SYSTEM upon service restart.

