Fiserv Originate Loans Peripherals allows remote code execution from untrusted networks

CVE-2026-21665
Summary

An unsupported version (2021.2.4) of Fiserv Originate Loans Peripherals runs a Print Service that deserializes untrusted data over deprecated .NET Remoting TCP channels. When those ports are reachable from an untrusted network, an unauthenticated attacker can achieve remote code execution, which can lead to data theft and full system compromise. To remediate, upgrade to a currently supported release (2025.1 or later) and restrict the .NET Remoting ports to trusted network segments.

Original title
The Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) in unsupported version 2021.2.4 (build 4.7.3155.0011) uses deprecated .NET Remoting TCP channels that ...
Original description
The Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) in unsupported version 2021.2.4 (build 4.7.3155.0011) uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data. When these services are exposed to an untrusted network in a client-managed deployment, an unauthenticated attacker can achieve remote code execution. Version 2021.2.4 is no longer supported by Fiserv. Customers should upgrade to a currently supported release (2025.1 or later) and ensure that .NET Remoting service ports are not exposed beyond trusted network boundaries.

This CVE documents behavior observed in a client-hosted deployment running an unsupported legacy version of Originate Loans Peripherals with .NET Remoting ports exposed to an untrusted network. This is not a default or supported configuration. Customers running legacy versions should upgrade to a currently supported release and ensure .NET Remoting ports are restricted to trusted network segments. The finding does not apply to Fiserv-hosted environments.
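
As an inventory aid for the remediation above, the following added example (not code from Fiserv or from the CVE record) scans a .NET application configuration file for listening .NET Remoting TCP channels and flags those not limited to loopback. It assumes the channels are declared under `system.runtime.remoting` in a config file rather than registered in code; the sample config, its ports and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample; ports and layout are illustrative, not the Fiserv product's.
SAMPLE_CONFIG = """<configuration><system.runtime.remoting><application><channels>
  <channel ref="tcp" port="9000">
    <serverProviders><formatter ref="binary" typeFilterLevel="Full" /></serverProviders>
  </channel>
  <channel ref="tcp" port="9001" bindTo="127.0.0.1" secure="true" />
  <channel ref="tcp" />
  <channel ref="http" port="9002" />
</channels></application></system.runtime.remoting></configuration>"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def is_tcp_server(attrs):
    """True for a TCP channel that listens (has a port and is not client-only)."""
    ref = attrs.get("ref", "").lower()
    typ = attrs.get("type", "").lower()
    tcp = ref in ("tcp", "tcp server") or "tcpchannel" in typ or "tcpserverchannel" in typ
    return tcp and "port" in attrs

def audit_remoting_channels(config_xml):
    """Return one finding per listening .NET Remoting TCP channel in a config file."""
    root = ET.fromstring(config_xml)
    sections = [s for s in root if s.tag == "system.runtime.remoting"]
    findings = []
    for ch in (c for s in sections for c in s.iter("channel")):
        attrs = {k.lower(): v for k, v in ch.attrib.items()}
        if not is_tcp_server(attrs):
            continue
        bind = attrs.get("bindto", "")  # no bindTo: listens on all interfaces
        local_only = (bind.lower() in LOOPBACK
                      or attrs.get("rejectremoterequests", "").lower() == "true")
        levels = [f.get("typeFilterLevel", "Low") for f in ch.iter("formatter")]
        findings.append({
            "port": attrs["port"],
            "bind": bind or "*",
            "secure": attrs.get("secure", "").lower() == "true",
            "type_filter_full": "Full" in levels,
            # Exposed channels are the ones to upgrade away from and, meanwhile,
            # to restrict to trusted segments with host or network firewall rules.
            "exposed": not local_only,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_remoting_channels(SAMPLE_CONFIG):
        print(finding)
```

A channel reported as not exposed still runs the unsupported component; the output only prioritises which ports need network restriction first.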
NVD CVSS 4.0 score: 7.7
Vulnerability type
CWE-502 Deserialization of Untrusted Data
Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026