CVE-2026-23751

Published 23/04/2026 16:16 · Modified 24/04/2026 14:50

Labels: CVE-2026-23751, 2026-04-23, CWE-306, [email protected]

Essential information

Published: 23/04/2026 16:16
Modified: 24/04/2026 14:50
Author:
Creator:
CVSS: 9.3 CRITICAL (v3), 9.3 CRITICAL (v4.0)
CISA KEV: No
CWE:
CVSS vector:

Description

Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a default, publicly known endpoint identifier. An unauthenticated remote attacker can exploit .NET Remoting object unmarshalling techniques to instantiate a remote System.Net.WebClient object and read arbitrary files from the server filesystem, write attacker-controlled files to the server, or coerce NTLMv2 authentication to an attacker-controlled host, enabling sensitive credential disclosure, denial of service, remote code execution, or lateral movement depending on service account privileges and network environment.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product | CPE
kofax / tungsten capture | cpe:2.3:a:kofax:tungsten_capture:6.0.0.0:*:*:*:*:*:*:*
kofax / tungsten capture | cpe:2.3:a:kofax:tungsten_capture:*:*:*:*:*:*:*:*

References