Home

Description

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1.

PUBLISHED Reserved 2026-06-15 | Published 2026-07-08 | Updated 2026-07-10 | Assigner GitHub_M




CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Problem types

CWE-290: Authentication Bypass by Spoofing

CWE-347: Improper Verification of Cryptographic Signature

Product status

>= 1.9.0, < 1.9.1
affected

< 1.8.1
affected

References

github.com/...oreWCF/security/advisories/GHSA-xjr9-gg9q-jx3v

github.com/...ommit/0b8c8af851260e85e8402af53233d1b8f87dfb6f

github.com/...ommit/0e63c2cca55763d8be6b226a234579280a09e7b6

github.com/...ommit/e5cc9b6a4ecc102a50d782093bfc72e0790abe3d

github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1

github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1

cve.org (CVE-2026-54782)

nvd.nist.gov (CVE-2026-54782)

Download JSON