Unauthenticated WCF SOAP Endpoint Vulnerability in Unisys WebPerfect Image Suite
CVE-2026-39907
7 HIGH
What is CVE-2026-39907?
Unisys WebPerfect Image Suite exposes an unauthenticated WCF SOAP endpoint on TCP port 1208. The endpoint's ReadLicense action processes the file path supplied in its LFName parameter without sanitizing it. A remote attacker who sends a crafted SOAP request containing a UNC path can force the server to initiate an outbound SMB connection, which can leak the NTLMv2 hash of the machine account. The leaked hash may then be leveraged for privilege escalation and lateral movement within a network.
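The root cause described above is a client-supplied path reaching a file read without validation. As an added illustration (not code from Unisys or from this advisory), the C# below shows one way a Windows service could check such a parameter before touching the file system; the class, method and base directory are hypothetical names chosen for the example.

```csharp
using System;
using System.IO;

// Added example, not vendor code. LicensePathGuard, TryResolve and BaseDir
// are hypothetical names; the base directory is a constructed value.
public static class LicensePathGuard
{
    // Assumed directory the service may read license files from (trailing separator kept).
    private static readonly string BaseDir =
        Path.GetFullPath(@"C:\ProgramData\ExampleApp\Licenses") + Path.DirectorySeparatorChar;

    public static bool TryResolve(string lfName, out string fullPath)
    {
        fullPath = null;
        if (string.IsNullOrWhiteSpace(lfName)) return false;

        // UNC (\\host\share, //host/share) and device (\\?\, \\.\) paths all
        // start with two separators once slashes are normalized.
        string normalized = lfName.Replace('/', '\\');
        if (normalized.StartsWith(@"\\", StringComparison.Ordinal)) return false;

        // Accept a bare file name only: no directories, drive letters or ADS.
        if (lfName.IndexOfAny(new[] { '\\', '/', ':' }) >= 0) return false;
        if (lfName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0) return false;

        // Resolve, then confirm the result is still under BaseDir ("." and ".." fail here).
        string candidate = Path.GetFullPath(Path.Combine(BaseDir, lfName));
        if (!candidate.StartsWith(BaseDir, StringComparison.OrdinalIgnoreCase)) return false;

        fullPath = candidate;
        return true;
    }

    public static void Main()
    {
        // Constructed inputs; 192.0.2.10 is a documentation address.
        string[] samples =
        {
            "site.lic", @"\\192.0.2.10\share\x.lic", "//host.example/share/x.lic",
            @"\\?\C:\Windows\win.ini", @"..\..\Windows\win.ini", @"C:\temp\a.lic", ".."
        };
        foreach (string s in samples)
        {
            string resolved;
            bool ok = TryResolve(s, out resolved);
            Console.WriteLine("{0,-32} -> {1}", s, ok ? resolved : "rejected");
        }
    }
}
```

Because the check runs before any file API is called, a rejected value never causes the host to open an SMB connection.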
Affected Version(s)
WebPerfect Image Suite 3.0.3960.22810
WebPerfect Image Suite 3.0.3960.22604
CVSS V4
Score: 7
Severity: HIGH
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Victor A. Morales, Senior Pentester Team Leader, GM Sectec, Corp.
VulnCheck
