CVE-2026-23746

{"id": "CVE-2026-23746", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-15T20:16:05.917", "references": [{"url": "https://trustedcare.entrust.com/s/article/E26-001-NET-Remoting-Vulnerabilities-in-the-Smart-Card-Controller-Service-of-the-Instant-Financial-Issuance-On-Premise-Software", "source": "disclosure@vulncheck.com"}, {"url": "https://www.entrust.com/products/issuance-systems/instant/financial-card", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/entrust-ifi-smartcardcontroller-service-net-remoting-rce", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-306"}, {"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service (DCG.SmartCardControllerService.exe). The service registers a TCP remoting channel with unsafe formatter/settings that permit untrusted remoting object invocation. A remote, unauthenticated attacker who can reach the remoting port can invoke exposed remoting objects to read arbitrary files from the server and coerce outbound authentication, and may achieve arbitrary file write and remote code execution via known .NET Remoting exploitation techniques. This can lead to disclosure of sensitive installation and service-account data and compromise of the affected host."}, {"lang": "es", "value": "El software Entrust Instant Financial Issuance (IFI) On Premise (anteriormente conocido como CardWizard) versiones 5.x, anteriores a la 6.10.5, y anteriores a la 6.11.1 contienen una exposici\u00f3n insegura de .NET Remoting en el servicio SmartCardController (DCG.SmartCardControllerService.exe). El servicio registra un canal de remoting TCP con un formateador/configuraci\u00f3n inseguros que permiten la invocaci\u00f3n de objetos de remoting no confiables. Un atacante remoto no autenticado que pueda alcanzar el puerto de remoting puede invocar objetos de remoting expuestos para leer archivos arbitrarios del servidor y forzar la autenticaci\u00f3n saliente, y puede lograr la escritura arbitraria de archivos y la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de t\u00e9cnicas conocidas de explotaci\u00f3n de .NET Remoting. Esto puede llevar a la divulgaci\u00f3n de datos sensibles de instalaci\u00f3n y de cuentas de servicio y al compromiso del host afectado."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "disclosure@vulncheck.com"}