CVE-2026-21665: Vulnerability in Fiserv Originate Loans Peripherals (formerly Velocity Services) -- Print Service component
The Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) in unsupported version 2021.2.4 (build 4.7.3155.0011) uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data. When these services are exposed to an untrusted network in a client-managed deployment, an unauthenticated attacker can achieve remote code execution. Version 2021.2.4 is no longer supported by Fiserv. Customers should upgrade to a currently supported release (2025.1 or later) and ensure that .NET Remoting service ports are not exposed beyond trusted network boundaries. This CVE documents behavior observed in a client-hosted deployment running an unsupported legacy version of Originate Loans Peripherals with .NET Remoting ports exposed to an untrusted network. This is not a default or supported configuration. Customers running legacy versions should upgrade to a currently supported release and ensure .NET Remoting ports are restricted to trusted network segments. The finding does not apply to Fiserv-hosted environments.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2026-21665 affects the Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) specifically in the unsupported version 2021.2.4 (build 4.7.3155.0011). This component relies on deprecated .NET Remoting TCP channels, which are known to be susceptible to unsafe deserialization attacks. Unsafe deserialization occurs when untrusted data is deserialized without proper validation, allowing attackers to manipulate the deserialization process to execute arbitrary code remotely. In this case, if the .NET Remoting service ports are exposed beyond trusted network boundaries in a client-managed deployment, an unauthenticated attacker can send crafted data to trigger remote code execution (RCE). The vulnerability is not present in Fiserv-hosted environments or default configurations, as these do not expose the vulnerable service to untrusted networks. The affected version is no longer supported, and Fiserv recommends upgrading to version 2025.1 or later, which presumably removes or mitigates the use of unsafe .NET Remoting channels. The CVSS 4.0 score of 7.7 reflects high severity, with network attack vector, low attack complexity, no privileges required, and partial user interaction needed. The vulnerability impacts confidentiality, integrity, and availability due to the potential for full system compromise. No known exploits have been reported in the wild, but the risk remains significant for exposed legacy deployments.
Potential Impact
This vulnerability poses a significant risk to organizations using the unsupported 2021.2.4 version of Fiserv Originate Loans Peripherals in client-managed environments where .NET Remoting ports are exposed to untrusted networks. Successful exploitation allows unauthenticated remote attackers to execute arbitrary code, potentially leading to full system compromise, data theft, manipulation of loan processing data, disruption of loan origination services, and lateral movement within the network. Financial institutions relying on this software for loan processing could face severe operational disruptions, reputational damage, regulatory penalties, and financial losses. Since the vulnerability affects confidentiality, integrity, and availability, attackers could manipulate sensitive financial data or disrupt critical business functions. The lack of support for the affected version exacerbates the risk, as no official patches are available, forcing organizations to either upgrade or implement stringent network controls. Although no exploits are currently known in the wild, the ease of exploitation and critical impact make this a high-priority threat for affected deployments.
Mitigation Recommendations
Organizations should immediately assess their deployments of Fiserv Originate Loans Peripherals to identify any instances running version 2021.2.4 or earlier. The primary mitigation is to upgrade to the currently supported version 2025.1 or later, which addresses the vulnerability. Until upgrades can be performed, organizations must ensure that .NET Remoting TCP service ports are not exposed beyond trusted internal network segments; this includes implementing strict firewall rules, network segmentation, and access control lists to block untrusted network access. Monitoring network traffic for unusual activity on .NET Remoting ports can help detect exploitation attempts. Additionally, organizations should review and harden their deserialization processes and consider disabling or replacing deprecated .NET Remoting components where feasible. Regular vulnerability scanning and penetration testing should be conducted to verify that no exposed legacy services remain accessible. Finally, organizations should maintain an incident response plan tailored to potential remote code execution incidents involving this software.
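The traffic monitoring recommended above can key on the fixed preamble that every .NET Remoting TCP channel frame starts with, as laid out in Microsoft's MS-NRTP specification. The following is an added example, not code from Fiserv or from this page's source; the port number, addresses, trusted range and flow-record shape are assumptions constructed for illustration, since the page does not list the service's ports.

```python
import ipaddress
import struct

# MS-NRTP frame preamble: ".NET", version 1.0, operation type, content distribution.
NRTP_MAGIC = b".NET"
OPERATIONS = {0: "Request", 1: "OneWayRequest", 2: "Reply"}


def parse_nrtp_preamble(payload: bytes):
    """Return the decoded preamble of a .NET Remoting TCP frame, or None."""
    if len(payload) < 10 or payload[:4] != NRTP_MAGIC:
        return None
    major, minor, op, dist = struct.unpack_from("<BBHH", payload, 4)
    if (major, minor) != (1, 0) or op not in OPERATIONS or dist not in (0, 1):
        return None
    length = None
    if dist == 0 and len(payload) >= 14:  # not chunked: an int32 length follows
        (length,) = struct.unpack_from("<i", payload, 10)
    return {"operation": OPERATIONS[op], "chunked": dist == 1, "content_length": length}


def flag_untrusted_remoting(flows, trusted_cidrs):
    """Flag flows that open with a Remoting request from outside trusted_cidrs."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    alerts = []
    for flow in flows:
        frame = parse_nrtp_preamble(flow["first_payload"])
        if frame is None or frame["operation"] == "Reply":
            continue
        src = ipaddress.ip_address(flow["src"])
        if not any(src in net for net in trusted):
            alerts.append({"src": flow["src"], "dst_port": flow["dst_port"], **frame})
    return alerts


def build_preamble(op, body_len):
    # Constructed test data: preamble only, no headers or serialized body.
    return NRTP_MAGIC + struct.pack("<BBHHi", 1, 0, op, 0, body_len)


# Constructed sample flows; port 9000 is a placeholder, not the product's port.
SAMPLE_FLOWS = [
    {"src": "10.20.0.15", "dst_port": 9000, "first_payload": build_preamble(0, 512)},
    {"src": "203.0.113.77", "dst_port": 9000, "first_payload": build_preamble(0, 4096)},
    {"src": "198.51.100.9", "dst_port": 9000, "first_payload": b"GET / HTTP/1.1\r\n"},
    {"src": "203.0.113.77", "dst_port": 9000, "first_payload": b".NET\x02\x00"},
]

if __name__ == "__main__":
    for alert in flag_untrusted_remoting(SAMPLE_FLOWS, ["10.0.0.0/8"]):
        print(alert)
```

Any alert from this check means a Remoting endpoint is reachable from outside the trusted segment, which is the exposure condition the advisory describes, regardless of whether the request was malicious.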
Affected Countries
United States, Canada, United Kingdom, Australia, Germany, France, Japan, India, Brazil, South Africa
Technical Details
- Data Version: 5.2
- Assigner Short Name: hackerone
- Date Reserved: 2026-01-02T15:00:02.871Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 699cd8f4be58cf853bd429b0
Added to database: 2/23/2026, 10:47:16 PM
Last enriched: 2/23/2026, 11:01:35 PM
Last updated: 2/24/2026, 3:27:53 AM