Unauthenticated Remote Code Execution in Spacelabs Healthcare Sentinel
CVE-2026-0611

9.2CRITICAL

Key Information:

Vendor

Spacelabs Healthcare

Status
Sentinel
Vendor
CVE Published:
2 June 2026

What is CVE-2026-0611?

The Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x prior to 11.6.0 are susceptible to an unauthenticated remote code execution vulnerability. This issue arises due to a deprecated .NET Remoting HTTP channel that is exposed on port 8989. Attackers can exploit this vulnerability to perform unauthorized file operations by supplying valid .NET URI endpoints, allowing for arbitrary read and write actions. By leveraging this flaw, an attacker could deploy ASPX webshells to the IIS wwwroot directory, enabling them to execute remote commands without authentication. While port 8989 is not enabled by default, exposure occurs when the .NET Remoting port is intentionally made accessible through configuration changes or network policies.

Affected Version(s)

Sentinel 10.5.0

References

https://spacelabshealthcare.com/wp-content/uploads/2026/0...
vendor-advisorypatch
https://spacelabshealthcare.com/products/diagnostic-cardi...
product
https://www.vulncheck.com/advisories/spacelabs-healthcare...
third-party-advisory

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Victor A. Morales, Senior Pentester Team Leader, GM Sectec, Corp.
Jan A. Rodriguez, Pentester, GM Sectec, Corp.
VulnCheck
.