Spacelabs Sentinel Pre-Auth RCE via .NET Remoting (CVE-2026-0611)

Vulnerability Overview Vulnerability Name: Sentinel Version 10.5.x and 11.x.x Vulnerability Assessment and Potential Product Impact Statement Vulnerability Description: Spacelabs Healthcare identified an unauthenticated remote code execution (RCE) vulnerability via a legacy .NET Remoting HTTP channel (port 9889). This vulnerability allows attackers to execute arbitrary file read and write operations by providing a valid .NET URI endpoint, resulting in unauthenticated remote code execution. Reference Document ID: 079-0273-00 Version: A Publication Date: 2026-05-29 Status: ACTIVE Related CVEs: CVE-2026-0611 Impact Scope Affected Products: Sentinel v10.5.x and v11.x.x Impact Assessment: The vulnerability impacts the confidentiality, integrity, and availability of the Sentinel software. CVSS Score: - Unmitigated CVSS Score: 9.2 - Mitigated CVSS Score: 2.3 CVSS Vector String: - Unmitigated: CVSS:4.0/AV:N/AC:L/PR:N/UI:N/VC:H/VI:H/SC:N/SI:N/SA:N - Mitigated: CVSS:4.0/AV:A/AC:L/PR:N/UI:N/VC:L/VI:L/SC:N/SI:N/SA:N Remediation Recommended Actions: Update Sentinel software to the latest version, v11.6.2. This version includes fixes for the .NET software component exploited in the Proof of Concept (PoC) reported by GM SecTec. Acknowledgments: Spacelabs thanks VulnCheck and GM SecTec for their collaboration and contributions. Code Block No Proof of Concept (PoC) or exploit code is included in this document.

Goal Reached Thanks to every supporter — we hit 100%!

Spacelabs Sentinel Pre-Auth RCE via .NET Remoting (CVE-2026-0611)