Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-26222
PUBLISHED
More InfoOfficial Page
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
View Known Exploited Vulnerability (KEV) details
Published At-24 Feb, 2026 | 17:33
Updated At-24 Feb, 2026 | 17:36
Rejected At-
▼CVE Numbering Authority (CNA)
DocLink .NET Remoting Unauthenticated Arbitrary File Read/Write RCE

Altec DocLink (now maintained by Beyond Limits Inc.) version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and is vulnerable to unsafe object unmarshalling, allowing remote attackers to read arbitrary files from the underlying system by specifying local file paths. Additionally, attackers can coerce SMB authentication via UNC paths and write arbitrary files to server locations. Because writable paths may be web-accessible under IIS, this can result in unauthenticated remote code execution or denial of service through file overwrite.

Affected Products
Vendor
Beyond Limits Inc.
Product
Altec DocLink
Default Status
unknown
Versions
Affected
  • 4.0.336.0
Problem Types
TypeCWE IDDescription
CWECWE-502CWE-502 Deserialization of Untrusted Data
CWECWE-918CWE-918 Server-Side Request Forgery (SSRF)
Type: CWE
CWE ID: CWE-502
Description: CWE-502 Deserialization of Untrusted Data
Type: CWE
CWE ID: CWE-918
Description: CWE-918 Server-Side Request Forgery (SSRF)
Metrics
VersionBase scoreBase severityVector
4.010.0CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Version: 4.0
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Victor A. Morales, Senior Pentester Team Leader, GM Sectec, Corp
finder
Omar Crespo, Pentester, GM Sectec, Corp
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://doclinkai.com/
product
https://www.vulncheck.com/advisories/doclink-net-remoting-unauthenticated-arbitrary-file-read-write-rce
third-party-advisory
Hyperlink: https://doclinkai.com/
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/doclink-net-remoting-unauthenticated-arbitrary-file-read-write-rce
Resource:
third-party-advisory
Details not found