CVE-2026-25550

Severity CVSS v4.0:
CRITICAL
Type:
CWE-306 Missing Authentication for Critical Function
Publication date:
04/06/2026
Last modified:
04/06/2026

Description

Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016