CVE-2026-23751 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: April 24, 2026
Kofax Capture - Insecure Deserialization
Overview
Kofax Capture (Tungsten Capture) 6.0.0.0 contains a .NET Remoting unauthenticated object unmarshalling vulnerability in Ascent Capture Service on port 2424, letting remote attackers read/write files, disclose credentials, cause DoS, or execute code remotely.
Severity & Score
Impact
Remote attackers can read/write files, disclose credentials, cause denial of service, or execute code remotely, potentially compromising the entire system and network.
Mitigation
Update to the latest version of Kofax Capture (Tungsten Capture) that addresses this vulnerability.
References
Social Media Activity(1 post)
š“ CVE-2026-23751 - Critical (9.8) Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a d... š https://www.thehackerwire.com/vulnerability/CVE-2026-23751/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-23751
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- insecure_deserialization
- Status
- unconfirmed
- EPSS
- 16.1%
- Social Posts
- 1
CWE
- CWE-306
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H