CVE-2026-0611 affects Spacelabs Healthcare Sentinel versions 10.5.x and 11.x.x before 11.6.0. The vulnerability is due to a deprecated .NET Remoting HTTP channel exposed on port 8989 that lacks authentication controls, allowing unauthenticated attackers to remotely execute code. Attackers can leverage this channel to perform arbitrary file read and write operations, including writing ASPX webshells to the IIS wwwroot directory, resulting in full remote code execution. The default installation does not expose port 8989; exploitation requires deliberate exposure of this port through configuration or network changes. No official patch or remediation level has been published by the vendor, and the vulnerability is not related to a cloud service. The CVSS 4.0 score is 9.2, reflecting critical impact with network attack vector, low attack complexity, no privileges required, and no user interaction.

Successful exploitation allows unauthenticated remote attackers to execute arbitrary code on affected systems by writing webshells to the IIS wwwroot directory. This can lead to full system compromise. However, exploitation requires that port 8989 be explicitly exposed to the network, which is not the default configuration. No known exploits in the wild have been reported, but the vulnerability is rated critical due to the potential impact of remote code execution without authentication.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since port 8989 is not exposed by default, ensure that this port is not accessible from untrusted networks. If the .NET Remoting HTTP channel on port 8989 is not required, disable or block access to this port to mitigate risk. Monitor vendor communications for any forthcoming official fixes or updates.