Insecure .NET Remoting Exposure in Entrust Instant Financial Issuance Software
CVE-2026-23746

9.3CRITICAL

Key Information:

Vendor

Entrust Corporation

Status
Instant Financial Issuance (if)
Vendor
CVE Published:
15 January 2026

What is CVE-2026-23746?

The Entrust Instant Financial Issuance On Premise software has identified a critical issue within the SmartCardController service involving insecure .NET Remoting. This vulnerability allows unauthenticated remote attackers to exploit a TCP remoting channel that is insufficiently secured. By reaching the exposed remoting port, attackers can invoke unprotected remoting objects to access sensitive files on the server, enabling them to manipulate outbound authentication and potentially execute arbitrary code. This serious flaw can result in unauthorized access to sensitive data, including installation and service-account information, leading to significant compromises of the affected system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Instant Financial Issuance (IF) 5.x

Instant Financial Issuance (IF) 6.0 < 6.10.5

Instant Financial Issuance (IF) 6.0 < 6.11.1

References

https://www.entrust.com/products/issuance-systems/instant...
product
https://trustedcare.entrust.com/s/article/E26-001-NET-Rem...
vendor-advisorypatch
https://www.vulncheck.com/advisories/entrust-ifi-smartcar...
third-party-advisory

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Victor A. Morales of GM Sectec, Corp.
JSON
.