CVE-2026-26142: Nuance PowerScribe Remote Code Execution Vulnerability

Overview

Severity: Critical (CVSS 9.8)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Category: Remote Code Execution
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2026-Jun
Released: 2026-06-09

Description

Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.

Affected Products (22)

Other

Nuance PowerScribe 360 version 4.0.5
Nuance PowerScribe 360 version 4.0.6
Nuance PowerScribe 360 version 4.0.7
Nuance PowerScribe 360 version 4.0.8
Nuance PowerScribe 360 version 4.0.9
Nuance PowerScribe One version 2019.1
Nuance PowerScribe One version 2019.2
Nuance PowerScribe One version 2019.3
Nuance PowerScribe 360 4.0
Nuance PowerScribe 360 version 4.0.1
Nuance PowerScribe 360 version 4.0.2
Nuance PowerScribe 360 version 4.0.3
Nuance PowerScribe 360 version 4.0.4
Nuance PowerScribe One version 2019.4
Nuance PowerScribe One version 2019.5
Nuance PowerScribe One version 2019.6
Nuance PowerScribe One version 2019.7
Nuance PowerScribe One version 2019.8
Nuance PowerScribe One version 2019.9
Nuance PowerScribe One version 2019.10
PowerScribe One version 2023.1 SP2 Patch 11
PowerScribe One version 2023.1 SP3 Patch 6

Security Updates (4)

Acknowledgments

<a href="https://www.linkedin.com/in/victor-morales-b52a32b3/">Víctor A. Morales</a> with <a href="https://www.gmsectec.com/">GM Sectec, Corp.</a>, <a href="https://www.linkedin.com/in/janrdrz/">Jan Rodríguez</a> with <a href="https://www.gmsectec.com/">GM Sectec, Corp.</a>

Revision History

2026-06-09: Information published.