CNNVD-202602-2282 Information

CNNVD ID

CNNVD-202602-2282

Related CVE

CVE-2026-26221

• CNNVD Published: 2026-02-13

Description (Chinese)

Hyland Software Hyland OnBase是美国Hyland Software公司的一款用于展示企业信息管理、流程的平台。 Hyland Software Hyland OnBase存在安全漏洞，该漏洞源于OnBase Workflow Timer Service存在未经身份验证的.NET Remoting暴露，可能导致发送特制.NET Remoting请求触发不安全的对象反序列化，从而实现任意文件读写，进而导致远程代码执行。

Description (English)

Hyland Software Hyland OnBase is a United States company, Hyland Software, which is a platform to showcase business information management and processes. There is a security loophole in Hyland Software Hyland OnBase, which stems from the presence of Unidentified.NET Remoting exposures in OnBase Workflow Times Service, which may result in the sending of a special-made.NET Remoting request triggering an unsafe object back-sequencing, leading to the reading and writing of any document, leading to remote code execution.

Vulnerability Type

其他

Affected Vendor

Hyland Software

Published

2026-02-13

Last Modified

2026-02-24

References

https://community.hyland.com/resources/bulletins-and-notices/223223-security-update-onbase-workflow-timer-service-bulletin-ob2025-03 https://www.hyland.com/en/solutions/products/onbase https://www.vulncheck.com/advisories/hyland-onbase-timer-services-unauthenticated-net-remoting-rce