CVE-2026-26222 is a critical vulnerability affecting Beyond Limits Inc.'s Altec DocLink version 4.0.336.0. The vulnerability arises from insecure exposure of .NET Remoting endpoints over TCP and HTTP/SOAP via the Altec.RDCHostService.exe process, specifically through the ObjectURI "doclinkServer.soap". These endpoints do not require any authentication, allowing unauthenticated remote attackers to interact with the service. The core issue is unsafe deserialization (CWE-502) of untrusted data, which enables attackers to manipulate the object unmarshalling process. This manipulation allows attackers to read arbitrary files on the underlying system by specifying local file paths. Furthermore, attackers can coerce SMB authentication by using UNC paths, which can be leveraged to write arbitrary files to server locations. Because some writable paths may be web-accessible under IIS, this file write capability can be exploited to achieve unauthenticated remote code execution or cause denial of service by overwriting critical files. The vulnerability also relates to CWE-918, indicating improper control of dynamically loaded code or libraries. The CVSS 4.0 vector indicates network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability, resulting in a maximum score of 10. No patches or known exploits are currently documented, but the severity and ease of exploitation make this a critical threat to affected environments.

The impact of CVE-2026-26222 is severe for organizations using Altec DocLink 4.0.336.0. Because the vulnerability allows unauthenticated remote attackers to read arbitrary files, sensitive information such as credentials, configuration files, or intellectual property may be exposed. The ability to write arbitrary files to server locations, especially those accessible via IIS, can lead to remote code execution, allowing attackers to gain full control over affected servers. This compromises system integrity and availability, potentially disrupting business operations and leading to data breaches. The exploitation can also coerce SMB authentication, which may facilitate lateral movement within networks. Given the critical nature of document management systems in enterprise environments, successful exploitation could impact compliance, confidentiality, and operational continuity. The lack of authentication and network accessibility of the vulnerable endpoints significantly increases the attack surface and risk. Organizations may face regulatory penalties, reputational damage, and financial losses if exploited.

Organizations should immediately assess their use of Altec DocLink version 4.0.336.0 and isolate vulnerable instances from untrusted networks. Since no patches are currently available, consider disabling or restricting access to the Altec.RDCHostService.exe endpoints, especially the "doclinkServer.soap" ObjectURI, using network segmentation and firewall rules to block TCP and HTTP/SOAP traffic to these services. Implement strict access controls and monitor network traffic for unusual activity targeting these endpoints. Employ application-layer firewalls or reverse proxies to enforce authentication and input validation where possible. Review IIS configurations to restrict write permissions and prevent web-accessible directories from being writable by the application. Conduct thorough logging and monitoring to detect attempts to exploit deserialization or unauthorized file access. Plan for rapid patch deployment once a vendor fix is released. Additionally, conduct internal audits to identify any signs of compromise and validate the integrity of critical files and services.