PT-2026-34668 · Kofax · Tungsten Capture

Vulncheck · Published 2026-04-23 · Updated 2026-04-23 · CVE-2026-23751

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Tungsten Capture version 6.0.0.0

Description

Tungsten Capture (formerly Kofax Capture) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service. This channel is accessible without authentication and uses a default, publicly known endpoint identifier. An unauthenticated remote attacker can use .NET Remoting object unmarshalling techniques to instantiate a remote System.Net.WebClient object. This allows the attacker to read arbitrary files from the server filesystem, write controlled files to the server, or coerce NTLMv2 authentication to an attacker-controlled host. Depending on the network environment and service account privileges, this can lead to sensitive credential disclosure, denial of service, remote code execution, or lateral movement.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
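
One way to watch for the activity described above from connection logs, as an added example that is not part of the original advisory or any vendor tooling. The log format, the server address, the allowed subnet, the follow-up ports (445, 139, 80) and the 60-second window are assumptions, and the sample records are constructed.

```python
import ipaddress
from datetime import datetime, timedelta

REMOTING_PORT = 2424              # Ascent Capture Service .NET Remoting HTTP channel (from the advisory)
COERCION_PORTS = {445, 139, 80}   # assumption: ports an outbound NTLM exchange would likely use
WINDOW = timedelta(seconds=60)    # assumption: correlation window

# Constructed sample records, time-ordered: timestamp src_ip src_port dst_ip dst_port
SAMPLE_LOG = """\
2026-04-23T10:00:01 10.0.5.20 51000 10.0.1.10 2424
2026-04-23T10:02:10 203.0.113.7 40112 10.0.1.10 2424
2026-04-23T10:02:14 10.0.1.10 49833 203.0.113.7 445
2026-04-23T10:05:00 10.0.1.10 49900 10.0.9.9 445
2026-04-23T10:07:30 198.51.100.4 40500 10.0.1.10 2424
"""

def parse(log):
    """Yield (timestamp, src_ip, dst_ip, dst_port) for each well-formed record."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, src, _sport, dst, dport = parts
        yield datetime.fromisoformat(ts), src, dst, int(dport)

def analyze(log, server, allowed_nets):
    """Flag untrusted clients of port 2424 and server call-backs to those clients."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    untrusted = {}  # client ip -> time of its latest connection to port 2424
    findings = []
    for ts, src, dst, dport in parse(log):
        if dst == server and dport == REMOTING_PORT:
            if not any(ipaddress.ip_address(src) in n for n in nets):
                untrusted[src] = ts
                findings.append(("untrusted_remoting_client", src, ts))
        elif src == server and dport in COERCION_PORTS and dst in untrusted:
            # The server connects back to a host that just used the remoting
            # channel: consistent with the coerced authentication described above.
            if timedelta(0) <= ts - untrusted[dst] <= WINDOW:
                findings.append(("possible_ntlm_coercion", dst, ts))
    return findings

if __name__ == "__main__":
    for kind, ip, ts in analyze(SAMPLE_LOG, "10.0.1.10", ["10.0.5.0/24"]):
        print(ts.isoformat(), kind, ip)
```
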

Exploit

Missing Authentication


Weakness Enumeration

Related Identifiers

CVE-2026-23751

Affected Products

Tungsten Capture