## Critical Vulnerability Information

### Vulnerability Name

Hyland OnBase Timer Services Unauthenticated .NET Remoting RCE

### Severity Level

CRITICAL

### Release Date

2/13/2026

### Affected Versions

- Hyland OnBase Workflow Timer Service 8.0 <= 17.0.x
- Hyland OnBase Workview Timer Service (affected version range undefined)

### Vulnerability ID

- CVE-2026-26221

### CWE Details

- CWE-502 Deserialization of Untrusted Data

### CVSS V4 Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

### Reference Links

- [OnBase Product Webpage](link)
- [OnBase Workflow Timer Service Bulletin](link)
- [OnBase Workview Timer Service Bulletin](link)

### Description

A critical unauthenticated .NET Remoting exposure exists in Hyland OnBase. It affects the OnBase Workflow Timer Service (`Hyland.Core.Workflow.NTService.exe`), and the vendor reports that the Workview Timer Service is also affected. An attacker can send specially crafted .NET Remoting requests that trigger unsafe deserialization of objects, leading to remote code execution.

### Advisory Notes

- Provides a brief overview of vulnerability prioritization handling and early warning systems.
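
The following PowerShell inventory check is an added example, not part of the advisory or of any vendor tooling. It finds services running the binary named in the Description, compares the file version with the affected range listed above, and lists the TCP ports the service process is listening on. The function name is hypothetical, and it assumes that the file version of the binary tracks the OnBase release number. The Workview Timer Service is not covered because the advisory does not name its binary.

```powershell
function Get-OnBaseTimerServiceExposure {
    # Binary name as given in the advisory text.
    $binaryName = 'Hyland.Core.Workflow.NTService.exe'

    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -like "*$binaryName*" } |
        ForEach-Object {
            $svc = $_
            # PathName may be quoted and carry arguments; keep only the .exe path.
            $exe = if ($svc.PathName -match '^\s*"?(.+?\.exe)') { $Matches[1] } else { $null }

            $ver = $null
            if ($exe -and (Test-Path -LiteralPath $exe)) {
                $ver = (Get-Item -LiteralPath $exe).VersionInfo
            }

            # Assumption: the file version tracks the OnBase release number.
            # Range read from the advisory: 8.0 up to and including 17.0.x.
            $inRange = $null
            if ($ver) {
                $inRange = ($ver.FileMajorPart -ge 8) -and
                    (($ver.FileMajorPart -lt 17) -or
                     ($ver.FileMajorPart -eq 17 -and $ver.FileMinorPart -eq 0))
            }

            # A stopped service reports ProcessId 0 and has no listeners.
            $listeners = @()
            if ($svc.ProcessId -gt 0) {
                $listeners = @(Get-NetTCPConnection -State Listen -OwningProcess $svc.ProcessId -ErrorAction SilentlyContinue)
            }
            # Listeners bound beyond loopback can receive traffic from other hosts
            # unless a firewall blocks them.
            $exposed = @($listeners | Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' })

            [pscustomobject]@{
                Computer         = $env:COMPUTERNAME
                Service          = $svc.Name
                State            = $svc.State
                Path             = $exe
                FileVersion      = if ($ver) { $ver.FileVersion } else { $null }
                InAdvisoryRange  = $inRange
                ListeningPorts   = ($listeners.LocalPort | Sort-Object -Unique) -join ','
                NonLoopbackPorts = ($exposed.LocalPort | Sort-Object -Unique) -join ','
            }
        }
}

Get-OnBaseTimerServiceExposure | Format-List
```

A host that reports `InAdvisoryRange` as true together with a non-empty `NonLoopbackPorts` value is a candidate for immediate network restriction while the vendor bulletin is applied.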