CVE-2026-0611

9.8 CRITICAL

Published: June 02, 2026 Modified: June 02, 2026

Description

Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port 8989 that allows attackers to perform arbitrary file read and write operations by supplying valid .NET URI endpoints. Attackers can write ASPX webshells to the IIS wwwroot directory to achieve unauthenticated remote code execution on the system. Port 8989 is not exposed in a default Sentinel installation; exploitation requires that the .NET Remoting port has been explicitly made network-accessible through deliberate configuration or network policy changes.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://spacelabshealthcare.com/products/diagnostic-cardiology/connectivity/sentinel

Source: disclosure@vulncheck.com

https://spacelabshealthcare.com/wp-content/uploads/2026/06/079-0273-00-RevA-Security-Advisory-Sentinel-.NET-Remoting-Vulnerability.pdf

Source: disclosure@vulncheck.com

https://www.vulncheck.com/advisories/spacelabs-healthcare-sentinel-x-unauthenticated-rce-via-net-remoting

Source: disclosure@vulncheck.com

https://spacelabshealthcare.com/wp-content/uploads/2026/06/079-0273-00-RevA-Security-Advisory-Sentinel-.NET-Remoting-Vulnerability.pdf

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

4 reference(s) from NVD

Quick Stats

CVSS v3 Score

9.8 / 10.0

EPSS (Exploit Probability)

0.2%

49th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-306

Related CVEs

CVE-2026-12223 5.5

CVE-2026-12222 8.0

CVE-2026-12221 8.0

CVE-2026-12220 8.0

CVE-2026-12219 6.3