Auth bypass in Entrust Corporation Instant Financial Issuance (If)
CVE-2026-23746
Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service (DCG.SmartCa…
Vulnerability class: Broken Authentication
EPSS: 0.009 (53.9th percentile) — read the EPSS interpretation.
Affected products
- Entrust Corporation Instant Financial Issuance (If) — versions 5.0, 6.0
Weakness classification (CWE)
References
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (vendor-advisory, patch)
- disclosure@vulncheck.com (third-party-advisory)