CVE-2026-26142EXPLOITEDPATCHED

Microsoft · Nuance PowerScribe 360 4.0

Nuance PowerScribe Remote Code Execution Vulnerability

Description

Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.

Affected Products

Vendor	Product	Versions
Microsoft	Nuance PowerScribe 360 4.0	4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 2019.1, 2019.10, 2019.2, 2019.3, 2019.4, 2019.5, 2019.6, 2019.7, 2019.8, 2019.9, 2023.1, 2023.1

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
microsoft	nuance powerscribe 360 version	mitre_affected	90%
microsoft	nuance powerscribe one version	mitre_affected	90%
microsoft	powerscribe one version 2023.1 sp2 patch	mitre_affected	90%
microsoft	powerscribe one version 2023.1 sp3 patch	mitre_affected	90%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26142(vendor-advisory, patch)

Related News (3 articles)

Tier C

Qualys Blog1h ago

Microsoft and Adobe Patch Tuesday, June 2026 Security Update Review

→ No new info (linked only)

Tier C

VulDB5h ago

CVE-2026-26142 | Microsoft PowerScribe One/Nuance PowerScribe One prior 7.0.243.19 deserialization

→ No new info (linked only)

Tier A

Microsoft MSRC8h ago

CVE-2026-26142 Nuance PowerScribe Remote Code Execution Vulnerability

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

7.0.11.497.0.111.687.0.154.187.0.197.107.0.212.107.0.243.197.0.277.287.0.316.127.0.427.157.0.528.242019.1.96.62019.10.36.142019.2.9.112019.3.16.212019.4.9.172019.5.14.402019.6.36.402019.7.107.262019.8.43.192019.9.31.232023.2.30542023.3.9072

CWECWE-502

PublishedJun 9, 2026

Last enriched5h agov3

Trending Score65

Source articles3

Independent3

Info Completeness10/14

Missing: epss, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-41091EXPKEV

Microsoft Defender Elevation of Privilege Vulnerability

Trending: 158

HIGHCVE-2026-33825EXPKEV

Microsoft Defender Elevation of Privilege Vulnerability

Trending: 158

MEDIUMCVE-2026-45498EXPKEV

Microsoft Defender Denial of Service Vulnerability

Trending: 144

CRITICALCVE-2026-41089EXPKEV

Windows Netlogon Remote Code Execution Vulnerability

Trending: 106

MEDIUMCVE-2026-45585EXP

Windows BitLocker Security Feature Bypass Vulnerability

Trending: 96

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 9, 2026

Discovered by ZDM

Jun 9, 2026

Updated: description, exploitAvailable, activelyExploited

Jun 9, 2026

Updated: affectedVersions

Jun 9, 2026

Actively Exploited

Jun 9, 2026

Exploit Available

Jun 9, 2026

Patch Available

Jun 9, 2026

Version History

Last enriched 5h ago

v3Tier C5h ago

Updated vendor and product to Microsoft PowerScribe One, added new affected version prior 7.0.243.19, and noted no exploit available.

affectedVersions

via VulDB

v2Tier A5h ago

Added a detailed description of the vulnerability and updated exploit availability status to true.

descriptionexploitAvailableactivelyExploited

via Microsoft MSRC

v15h ago

Initial creation

Vendor

Product

Versions

Microsoft

Nuance PowerScribe 360 4.0

4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 2019.1, 2019.10, 2019.2, 2019.3, 2019.4, 2019.5, 2019.6, 2019.7, 2019.8, 2019.9, 2023.1, 2023.1

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor

Product

Source

Confidence

microsoft

nuance powerscribe 360 version

mitre_affected

90%

microsoft

nuance powerscribe one version

mitre_affected

90%

microsoft

powerscribe one version 2023.1 sp2 patch

mitre_affected

90%

microsoft

powerscribe one version 2023.1 sp3 patch

mitre_affected

90%