CVE-2026-54782
CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation
CVSS Score
10.0
EPSS Score
0.2%
EPSS Percentile
16th
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1.
| CWE | CWE-290 CWE-347 |
| Vendor | corewcf |
| Product | corewcf |
| Published | Jul 8, 2026 |
| Last Updated | Jul 10, 2026 |
Stay Ahead of the Next One
Get instant alerts for corewcf corewcf
Be the first to know when new critical vulnerabilities affecting corewcf corewcf are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None
Affected Versions
CoreWCF / CoreWCF
>= 1.9.0, < 1.9.1 < 1.8.1
References
github.com: https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-xjr9-gg9q-jx3v github.com: https://github.com/CoreWCF/CoreWCF/commit/0b8c8af851260e85e8402af53233d1b8f87dfb6f github.com: https://github.com/CoreWCF/CoreWCF/commit/0e63c2cca55763d8be6b226a234579280a09e7b6 github.com: https://github.com/CoreWCF/CoreWCF/commit/e5cc9b6a4ecc102a50d782093bfc72e0790abe3d github.com: https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1 github.com: https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1