CVE-2026-26142 – Nuance PowerScribe Remote Code Execution Vulnerability

Vulnerability

Patched

A remote code execution vulnerability has been identified in Nuance PowerScribe. This issue arises from the deserialization of untrusted data, allowing an unauthorized attacker to execute code over a network. The vulnerability affects multiple versions of Nuance PowerScribe One and Nuance PowerScribe 360.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users can download the security update for the vulnerable version from the Nuance Healthcare Support website. Instructions are available in the release notes for each affected version.

Added: Jun 9, 2026, 8:50 PM

Updated: Jun 9, 2026, 8:50 PM

Affected Products

Microsoft Nuance PowerScribe

Moderate fix12 remedies

>= 2019.10, < 2019.10.36.14
>= 2019.9, < 2019.9.31.23
>= 2019.8, < 2019.8.43.19
>= 2019.7, < 2019.7.107.26
>= 2019.6, < 2019.6.36.40
>= 2019.5, < 2019.5.14.40
>= 2019.4, < 2019.4.9.17
>= 2019.3, < 2019.3.16.21
>= 2019.2, < 2019.2.9.11
>= 2019.1, < 2019.1.96.6

Microsoft Nuance PowerScribe One

Moderate fix12 remedies

>= 2023.1 SP3 Patch 6, < 2023.1 SP3 Patch 6
>= 2023.1 SP2 Patch 11, < 2023.1 SP2 Patch 11
>= 2019.10, < 2019.10.36.14
>= 2019.9, < 2019.9.31.23
>= 2019.8, < 2019.8.43.19
>= 2019.7, < 2019.7.107.26
>= 2019.6, < 2019.6.36.40
>= 2019.5, < 2019.5.14.40
>= 2019.4, < 2019.4.9.17
>= 2019.3, < 2019.3.16.21
>= 2019.2, < 2019.2.9.11
>= 2019.1, < 2019.1.96.6

Microsoft Nuance PowerScribe 360

Moderate fix5 remedies

>= 4.0.4, < 4.0.4
>= 4.0.3, < 4.0.3
>= 4.0.2, < 4.0.2
>= 4.0.1, < 4.0.1
>= 4.0, < 4.0

CVSS Scores

volerion

9.2

CVSS 4.0

9.2

Critical

volerion

8.1

CVSS 3.1

8.1

High

Vendor

9.8

CVSS 3.1

9.8

Critical

Click a row to open the calculator.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26142

AdvisoryBundleRemedyVendor

Showing 1-1 of 1 references

Nuance PowerScribe Remote Code Execution Vulnerability