CVE-2026-39906
Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via .NET Remoting
| CVSS Score | 0.0 |
| EPSS Score | 0.2% |
| EPSS Percentile | 39th |
Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through object-unmarshalling techniques. Attackers can capture the leaked NTLMv2 hash and relay it to other hosts to achieve privilege escalation or lateral movement depending on network configuration and patch level.
| CWE | CWE-441 |
| Vendor | unisys |
| Product | webperfect image suite |
| Published | Apr 14, 2026 |
| Last Updated | Apr 16, 2026 |
Affected Versions
Unisys / WebPerfect Image Suite
3.0.3960.22810, 3.0.3960.22604
Credits
Victor A. Morales, Senior Pentester Team Leader, GM Sectec, Corp.; VulnCheck