Home

Description

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captured token to be reused. This issue is fixed in versions 1.8.1 and 1.9.1.

PUBLISHED Reserved 2026-06-15 | Published 2026-07-08 | Updated 2026-07-09 | Assigner GitHub_M




MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Problem types

CWE-294: Authentication Bypass by Capture-replay

CWE-613: Insufficient Session Expiration

Product status

>= 1.9.0, < 1.9.1
affected

< 1.8.1
affected

References

github.com/...oreWCF/security/advisories/GHSA-9jr3-rj99-8jq3

github.com/...ommit/3800c4e2bb4c6fde00ddacefdc2221ef33d55621

github.com/...ommit/7b0b5231cf21b4b5c1fc3caac9981f8bee43823f

github.com/...ommit/84f8cff5a786b5aaa73448cb379d366a7df98238

github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1

github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1

cve.org (CVE-2026-54779)

nvd.nist.gov (CVE-2026-54779)

Download JSON