CVE-2026-23746: CWE-306 Missing Authentication for Critical Function in Entrust Corporation Instant Financial Issuance (IF)
CVE-2026-23746 is a critical vulnerability in Entrust Corporation's Instant Financial Issuance (IFI) On Premise software versions prior to 6.10.5 and 6.11.1. The flaw arises from an insecure .NET Remoting exposure in the SmartCardController service, which registers a TCP remoting channel with unsafe settings allowing unauthenticated remote attackers to invoke remoting objects. Exploitation can lead to arbitrary file read, forced outbound authentication, arbitrary file write, and remote code execution on the affected server. This compromises sensitive installation and service account data, potentially leading to full system compromise. The vulnerability requires no authentication or user interaction and has a CVSS 4.
AI Analysis
Technical Summary
CVE-2026-23746 is a critical security vulnerability affecting Entrust Corporation's Instant Financial Issuance (IFI) On Premise software, specifically versions 5.x prior to 6.10.5 and 6.11.1. The vulnerability stems from an insecure .NET Remoting exposure in the SmartCardController service (DCG.SmartCardControllerService.exe). This service registers a TCP remoting channel configured with unsafe formatter and settings that allow untrusted remote object invocation without any authentication. An unauthenticated remote attacker who can reach the remoting port can exploit this flaw to invoke exposed remoting objects. This enables reading arbitrary files from the server, coercing outbound authentication, and potentially writing arbitrary files or executing remote code by leveraging known .NET Remoting exploitation techniques. The impact includes disclosure of sensitive installation data and service account credentials, leading to full system compromise. The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function) and CWE-502 (Deserialization of Untrusted Data). The CVSS 4.0 base score is 9.3, reflecting network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability. Although no exploits are currently known in the wild, the nature of the vulnerability and the criticality of the affected software in financial issuance environments make this a high-risk issue requiring immediate attention.
Potential Impact
The vulnerability allows unauthenticated remote attackers to fully compromise affected Entrust IFI servers. Potential impacts include unauthorized disclosure of sensitive financial issuance data, service account credentials, and installation configurations. Attackers can execute arbitrary code remotely, leading to complete system takeover, data manipulation, or service disruption. This can result in financial fraud, loss of customer trust, regulatory penalties, and operational downtime. Given the critical role of IFI software in financial institutions for card issuance and management, exploitation could disrupt financial services and expose sensitive customer information. The lack of authentication and ease of exploitation amplify the threat, making it feasible for attackers to target organizations globally. The compromise of service accounts may also facilitate lateral movement within enterprise networks, escalating the overall risk posture.
Mitigation Recommendations
Organizations should immediately upgrade Entrust IFI On Premise software to versions 6.10.5 or later, or 6.11.1 or later, where the vulnerability is patched. Until patches are applied, restrict network access to the SmartCardController service's remoting port using firewalls or network segmentation to limit exposure to trusted hosts only. Implement strict monitoring and logging of network traffic to detect anomalous access attempts to the remoting service. Disable or remove unnecessary .NET Remoting services if feasible. Employ application-layer firewalls or intrusion prevention systems capable of detecting and blocking malicious .NET Remoting payloads. Conduct thorough audits of service accounts and credentials to identify potential compromise. Establish incident response plans specific to this vulnerability, including rapid patch deployment and forensic analysis. Engage with Entrust support for any vendor-specific mitigation guidance or hotfixes. Finally, educate IT staff about the risks of insecure remoting configurations and enforce secure coding and deployment practices for future software versions.
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, Singapore, Switzerland, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2026-01-15T18:42:20.937Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6969476c1ab3796b1034af87
Added to database: 1/15/2026, 8:00:44 PM
Last enriched: 3/24/2026, 12:35:46 AM
Last updated: 3/24/2026, 8:51:42 PM