CVE-2026-23746
📋 TL;DR
This vulnerability allows remote unauthenticated attackers to exploit insecure .NET Remoting in the SmartCardController service of Entrust IFI. Attackers can read arbitrary files, coerce outbound authentication, and potentially achieve remote code execution. Affected systems include Entrust Instant Financial Issuance On Premise software versions 5.x and versions prior to 6.10.5/6.11.1.
💻 Affected Systems
- Entrust Instant Financial Issuance On Premise (formerly CardWizard)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via remote code execution leading to data theft, credential harvesting, and lateral movement within the network.
Likely Case
Unauthenticated attackers reading sensitive files containing installation data and service account credentials, enabling further attacks.
If Mitigated
Limited impact if service is isolated behind strict network controls and firewalls preventing external access.
🎯 Exploit Status
Exploitation leverages known .NET Remoting techniques; unauthenticated remote access makes this highly exploitable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.10.5 or 6.11.1
Restart Required: Yes
Instructions:
1. Download the patched version from Entrust.
2. Backup current installation.
3. Install the update following vendor instructions.
4. Restart the SmartCardController service and verify functionality.
🔧 Temporary Workarounds
Network Isolation
Windows: Restrict network access to the SmartCardController service port using firewall rules.
New-NetFirewallRule -DisplayName "Block SmartCardController" -Direction Inbound -Protocol TCP -LocalPort <port_number> -Action Block
Service Disablement
Windows: Temporarily disable the vulnerable service if not critically needed.
Stop-Service -Name "DCG.SmartCardControllerService"
Set-Service -Name "DCG.SmartCardControllerService" -StartupType Disabled
🧯 If You Can't Patch
- Implement strict network segmentation to isolate the vulnerable system from untrusted networks.
- Monitor for suspicious network traffic to the SmartCardController service port and file access patterns.
🔍 How to Verify
Check if Vulnerable:
Check the installed version of the Entrust IFI software and verify whether it is below 6.10.5 or 6.11.1, and check whether DCG.SmartCardControllerService.exe is running.
Check Version:
Check the software version in the application interface or installation directory properties.
Verify Fix Applied:
Confirm software version is 6.10.5 or 6.11.1 or higher, and test that .NET Remoting exploitation attempts are blocked.
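The checks above can be scripted on the host. The following is an added example, not code from this page or from Entrust: it reads the service state, the version of the service executable, and the TCP ports the service process is listening on (the value needed for `<port_number>` in the firewall rule). It assumes the executable's product version tracks the IFI release number, which this page does not confirm; the function and variable names are illustrative.

```powershell
# Added example: local inventory of the SmartCardController service.
# Service name comes from the page; the version mapping is an assumption.
$ServiceName = 'DCG.SmartCardControllerService'

function Test-IfiVersionFixed {
    param([Parameter(Mandatory)][version]$Version)
    # Fixed releases per the page: 6.10.5 (6.10 branch) and 6.11.1 (6.11 branch).
    if ($Version -ge [version]'6.11') { return $Version -ge [version]'6.11.1' }
    return $Version -ge [version]'6.10.5'
}

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    Write-Output "Service $ServiceName is not installed on this host."
}
else {
    # PathName may be quoted and may carry arguments; keep only the .exe path.
    $exe = $null
    if ($svc.PathName -match '^\s*"?([^"]+?\.exe)') { $exe = $Matches[1] }

    $version = $null
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        $vi = (Get-Item -LiteralPath $exe).VersionInfo
        $version = [version]::new($vi.ProductMajorPart, $vi.ProductMinorPart, $vi.ProductBuildPart)
    }

    # Listening sockets owned by the service process (empty if it is stopped).
    $ports = @()
    if ($svc.ProcessId -gt 0) {
        $ports = @(Get-NetTCPConnection -State Listen -OwningProcess $svc.ProcessId `
                       -ErrorAction SilentlyContinue |
                   Sort-Object LocalPort -Unique |
                   ForEach-Object { '{0}:{1}' -f $_.LocalAddress, $_.LocalPort })
    }

    [pscustomobject]@{
        Service        = $svc.Name
        State          = $svc.State
        StartMode      = $svc.StartMode
        Executable     = $exe
        ProductVersion = $version
        AtFixedRelease = if ($version) { Test-IfiVersionFixed -Version $version } else { 'unknown' }
        ListeningOn    = $ports -join ', '
    }
}
```

Run it from an elevated PowerShell session so the service's listening sockets are visible. If `AtFixedRelease` disagrees with the release shown in the application interface, go by the vendor advisory.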
📡 Detection & Monitoring
Log Indicators:
- Unusual .NET Remoting connections to SmartCardController service
- Failed authentication attempts or unexpected file access logs
Network Indicators:
- Inbound TCP connections to the SmartCardController service port from unexpected sources
- Outbound authentication attempts from the service to other systems
SIEM Query:
source="windows" AND process_name="DCG.SmartCardControllerService.exe" AND (event_id=4688 OR event_id=5156) AND dest_port=<service_port>
🔗 References
- https://trustedcare.entrust.com/s/article/E26-001-NET-Remoting-Vulnerabilities-in-the-Smart-Card-Controller-Service-of-the-Instant-Financial-Issuance-On-Premise-Software
- https://www.entrust.com/products/issuance-systems/instant/financial-card
- https://www.vulncheck.com/advisories/entrust-ifi-smartcardcontroller-service-net-remoting-rce