Seagull Software BarTender Unauthenticated RCE via .NET Remoting Service
CVE-2026-25550

9.3CRITICAL

Key Information:

Vendor: Seagull Software, Llc.
Status: Bartender 2010; Bartender 2016; Bartender 2019
Vendor: CVE Published:; 4 June 2026

🔔 Create Seagull Software, Llc. Vulnerability Alert

What is CVE-2026-25550?

Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016 <= R9, and DataServiceSingleton for BarTender 2019 <= R10 — configured with BinaryServerFormatterSinkProvider and TypeFilterLevel set to Full. An unauthenticated remote attacker can exploit .NET Remoting object unmarshalling to read or write arbitrary files on the server using the .NET WebClient class, or coerce NTLMv2 authentication by supplying a UNC path to an attacker-controlled server, enabling sensitive credential disclosure, remote code execution, or lateral movement depending on service account privileges and network environment. The service runs in the context of NT AUTHORITY\SYSTEM.

Affected Version(s)

BarTender 2010 0 <= 10.1 R4

BarTender 2016 0

BarTender 2019 0

References

https://portal.seagullscientific.com/downloads/bartender

product

https://www.vulncheck.com/advisories/seagull-software-bar...

third-party-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2026
Vulnerability Reserved
Feb 2, 2026

Credit

Victor A. Morales, Senior Pentester Team Leader, GM Sectec, Corp.

Jan A. Rodriguez, Pentester, GM Sectec, Corp.

VulnCheck

CVE-2026-25550 Data

JSON