
CVE-2026-21665: Vulnerability in Fiserv Originate Loans Peripherals (formerly Velocity Services) -- Print Service component

Severity: High
Published: Mon Feb 23 2026 (02/23/2026, 22:34:39 UTC)
Source: CVE Database V5
Vendor/Project: Fiserv
Product: Originate Loans Peripherals (formerly Velocity Services) -- Print Service component

Description

The Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) in unsupported version 2021.2.4 (build 4.7.3155.0011) uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data. When these services are exposed to an untrusted network in a client-managed deployment, an unauthenticated attacker can achieve remote code execution. Version 2021.2.4 is no longer supported by Fiserv. Customers should upgrade to a currently supported release (2025.1 or later) and ensure that .NET Remoting service ports are not exposed beyond trusted network boundaries. This CVE documents behavior observed in a client-hosted deployment running an unsupported legacy version of Originate Loans Peripherals with .NET Remoting ports exposed to an untrusted network. This is not a default or supported configuration. Customers running legacy versions should upgrade to a currently supported release and ensure .NET Remoting ports are restricted to trusted network segments. The finding does not apply to Fiserv-hosted environments.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/03/2026, 01:19:23 UTC

Technical Analysis

CVE-2026-21665 affects the Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) version 2021.2.4 (build 4.7.3155.0011). This component uses deprecated .NET Remoting TCP channels, which are known to be vulnerable to unsafe deserialization attacks. Unsafe deserialization occurs when untrusted data is deserialized without proper validation, allowing attackers to craft malicious payloads that execute arbitrary code remotely. In this case, the vulnerability allows an unauthenticated attacker to achieve remote code execution (RCE) if the .NET Remoting service ports are exposed to untrusted networks in client-managed deployments. The vulnerability is not present in Fiserv-hosted environments or default configurations, as those do not expose these ports externally. The affected version 2021.2.4 is no longer supported, and Fiserv recommends upgrading to version 2025.1 or later, which presumably removes or secures the vulnerable component. The CVSS 4.0 vector indicates the attack is network-based (AV:N), requires no privileges (PR:N), but requires user interaction (UI:P), and results in high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). This vulnerability is categorized under CWE-502 (Deserialization of Untrusted Data). No public exploits have been reported yet, but the risk remains significant due to the potential for RCE and the financial nature of the affected software.

Potential Impact

The vulnerability allows unauthenticated remote attackers to execute arbitrary code on systems running the vulnerable Print Service component of Fiserv Originate Loans Peripherals 2021.2.4 if .NET Remoting ports are exposed to untrusted networks. This can lead to full system compromise, data theft, manipulation of loan processing data, disruption of loan origination services, and potential financial fraud. Given the critical role of loan origination software in financial institutions, exploitation could result in severe operational disruption, regulatory non-compliance, reputational damage, and financial losses. The impact extends beyond confidentiality to integrity and availability, as attackers could alter or delete loan data or disrupt service availability. Since the affected version is unsupported, organizations may lack vendor support for incident response or patches, increasing remediation complexity. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially if attackers develop exploits targeting exposed legacy deployments.

Mitigation Recommendations

Organizations should immediately identify any deployments of Fiserv Originate Loans Peripherals version 2021.2.4 or earlier and assess network exposure of .NET Remoting TCP ports. The primary mitigation is to upgrade to the supported version 2025.1 or later, which addresses the vulnerability. If immediate upgrade is not feasible, restrict access to .NET Remoting service ports using network segmentation, firewalls, or VPNs to ensure they are only accessible from trusted internal networks. Disable or remove the Print Service component if it is not required. Monitor network traffic for unusual activity on .NET Remoting ports and implement intrusion detection systems capable of detecting deserialization attack patterns. Conduct regular vulnerability scans and penetration tests focusing on legacy client-hosted environments. Establish strict change management and patching policies to avoid running unsupported software versions. Finally, educate IT staff about the risks of exposing legacy services to untrusted networks and enforce least privilege principles for service accounts.
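The monitoring step above can key on the fixed preamble that opens every .NET Remoting TCP channel message (the MS-NRTP framing: `.NET`, version 1.0, then a 16-bit operation type). The following is an added example, not code from Fiserv or from this page; the trusted CIDR, port 9000 and the sample flows are constructed placeholders.

```python
import ipaddress
import struct

# MS-NRTP TCP framing: ProtocolId ".NET", MajorVersion 1, MinorVersion 0,
# then a little-endian 16-bit OperationType.
PREAMBLE = b".NET\x01\x00"
OPERATIONS = {0: "Request", 1: "OneWayRequest", 2: "Reply"}

# Assumption: segments allowed to reach the Print Service (placeholder value).
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]


def remoting_operation(payload: bytes):
    """Return the operation name if payload opens a .NET Remoting TCP message, else None."""
    if len(payload) < 8 or not payload.startswith(PREAMBLE):
        return None
    (op,) = struct.unpack_from("<H", payload, 6)
    return OPERATIONS.get(op, f"Unknown({op})")


def is_trusted(src: str) -> bool:
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_NETS)


def untrusted_remoting_requests(flows):
    """flows: iterable of (src_ip, dst_port, first_payload_bytes); returns alert tuples."""
    alerts = []
    for src, dport, payload in flows:
        op = remoting_operation(payload)
        # Only inbound calls matter here; replies and non-Remoting traffic are skipped.
        if op in ("Request", "OneWayRequest") and not is_trusted(src):
            alerts.append((src, dport, op))
    return alerts


# Constructed sample flows; port 9000 is a placeholder, not the product's port.
SAMPLE_FLOWS = [
    ("10.20.5.17", 9000, b".NET\x01\x00\x00\x00\x00\x00\x10\x00\x00\x00"),
    ("203.0.113.44", 9000, b".NET\x01\x00\x00\x00\x00\x00\x2a\x01\x00\x00"),
    ("203.0.113.44", 9000, b"GET / HTTP/1.1\r\n"),
    ("198.51.100.9", 9000, b".NET\x01\x00\x01\x00\x00\x00\x08\x00\x00\x00"),
]

if __name__ == "__main__":
    for src, dport, op in untrusted_remoting_requests(SAMPLE_FLOWS):
        print(f"ALERT untrusted .NET Remoting {op} from {src} to port {dport}")
```

Any alert from this check means a Remoting endpoint is reachable from outside the trusted segment, which is the exposure condition the CVE describes, regardless of whether the payload is malicious.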


Technical Details

Data Version: 5.2
Assigner Short Name: hackerone
Date Reserved: 2026-01-02T15:00:02.871Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 699cd8f4be58cf853bd429b0

Added to database: 2/23/2026, 10:47:16 PM

Last enriched: 3/3/2026, 1:19:23 AM

Last updated: 4/10/2026, 5:34:55 AM
