CRITICAL🇵🇱 Wersja polska

CVE-2026-26222

CVSS 10.0v4.0pub. 2026-02-24upd. 2026-02-27

Altec DocLink (now maintained by Beyond Limits Inc.) version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and is vulnerable to unsafe object unmarshalling, allowing remote attackers to read arbitrary files from the underlying system by specifying local file paths. Additionally, attackers can coerce SMB authentication via UNC paths and write arbitrary files to server locations. Because writable paths may be web-accessible under IIS, this can result in unauthenticated remote code execution or denial of service through file overwrite.

🤖 AI Analysis
How it works

The Altec.RDCHostService.exe service exposes .NET Remoting endpoints over TCP and HTTP/SOAP using the ObjectURI 'doclinkServer.soap', without requiring any authentication. The lack of access control combined with unsafe deserialization of .NET objects (CWE-502) allows an attacker to read arbitrary files from the system by providing local paths, as well as to force SMB authentication using UNC paths (SSRF/CWE-918). Moreover, an attacker can write files to any location on the server — if they are accessible through IIS, it is possible to place a malicious webshell file and achieve unauthenticated RCE.

Impact

An attacker without any authentication can read arbitrary files from the system, force SMB authentication, write files to the server, and in the case of IIS access to writable paths — execute arbitrary code remotely (RCE) or cause a denial of service (DoS) by overwriting files.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. Until an update is applied, it is recommended to restrict network access to .NET Remoting ports (TCP/HTTP) using a firewall, so that the endpoints of the Altec.RDCHostService.exe service are not accessible from untrusted networks.

Who is affected

Altec DocLink (currently maintained by Beyond Limits Inc.) version 4.0.336.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Beyond Altec Doclink

    APP
    Beyond
    4.0.336.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoSDeserialization
CWE
References