Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.0
Unisys WebPerfect Image Suite: Exposes Machine Account Hashes to Remote Attackers
CVE-2026-39906
Summary
Versions 3.0.3960.22810 and 3.0.3960.22604 of Unisys WebPerfect Image Suite have a security weakness that allows hackers to access sensitive information about your network. This could potentially let them take control of your network or move laterally to other areas of your system if not addressed. You should update to a fixed version of the software as soon as possible to prevent this risk.
Original title
Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account ha...
Original description
Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through object-unmarshalling techniques. Attackers can capture the leaked NTLMv2 hash and relay it to other hosts to achieve privilege escalation or lateral movement depending on network configuration and patch level.
nvd CVSS4.0
7.0
Vulnerability type
CWE-441
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026