CVE-2026-23751: Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting

Published Apr 23, 2026
·
Updated

Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a default, publicly known endpoint identifier. An unauthenticated remote attacker can exploit .NET Remoting object unmarshalling techniques to instantiate a remote System.Net.WebClient object and read arbitrary files from the server filesystem, write attacker-controlled files to the server, or coerce NTLMv2 authentication to an attacker-controlled host, enabling sensitive credential disclosure, denial of service, remote code execution, or lateral movement depending on service account privileges and network environment.

Affected Software

1 affected component
Kofax Kofax Capture (Tungsten Capture)=6.0.0.0

Event History

Apr 23, 2026
CVE Published
via MITRE·02:46 PM
Data Sourced
via MITRE·02:46 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·04:16 PM
DescriptionSeverityWeakness
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2026-23751?

CVE-2026-23751 is considered a high severity vulnerability due to its unauthenticated access and exposure of a deprecated .NET Remoting HTTP channel.

2

How do I fix CVE-2026-23751?

To fix CVE-2026-23751, it is recommended to disable the deprecated .NET Remoting HTTP channel or apply available patches from the vendor.

3

What systems are affected by CVE-2026-23751?

CVE-2026-23751 affects Kofax Capture (Tungsten Capture) version 6.0.0.0, with other versions potentially vulnerable.

4

What type of attack can exploit CVE-2026-23751?

CVE-2026-23751 can be exploited through unauthenticated access to the Ascent Capture Service, allowing unauthorized access to sensitive data.

5

Is there a known exploit for CVE-2026-23751?

Yes, there is known exploitation behavior associated with CVE-2026-23751, facilitating unauthorized operations via its exposed service.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203
CVE-2026-23751 - Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting - SecAlerts