QwikSec

Security Database

CVE

CWE

Training

CVE-2026-39906

Published: Apr 14, 2026

Modified: May 14, 2026

PUBLISHED

Description

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through object-unmarshalling techniques. Attackers can capture the leaked NTLMv2 hash and relay it to other hosts to achieve privilege escalation or lateral movement depending on network configuration and patch level.

Vendor	Product	Versions
Unisys	WebPerfect Image Suite	affected `3.0.3960.22810` affected `3.0.3960.22604`

Weaknesses (CWE)

References

https://gist.github.com/VAMorales/be3e4ed472c51794493c1256cce16129

technical-description

exploit

https://www.unisys.com/solutions/cai/applications/

product

https://www.vulncheck.com/advisories/unisys-webperfect-image-suite-ntlmv2-hash-leakage-via-net-remoting

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.