CVE-2026-23751 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: April 23, 2026
Kofax Capture - Insecure Deserialization
Published: April 23, 2026Updated: April 23, 2026Remote Exploitable
Overview
Kofax Capture (Tungsten Capture) 6.0.0.0 contains a .NET Remoting unauthenticated object unmarshalling vulnerability in Ascent Capture Service on port 2424, letting remote attackers read/write files, disclose credentials, cause DoS, or execute code remotely.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Remote attackers can read/write files, disclose credentials, cause denial of service, or execute code remotely, potentially compromising the entire system and network.
Mitigation
Update to the latest version of Kofax Capture (Tungsten Capture) that addresses this vulnerability.
References
Related Resources
Details
- CVE ID
- CVE-2026-23751
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- insecure_deserialization
- Status
- new
CWE
- CWE-306
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H