Skip to content
CVSS 10.0CVSS 10.0 · CRITICAL

CVE-2026-54782

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1.

View on NVD

Analysis

CoreWCF presenta una vulnerabilidad critica en la validacion de tokens SAML 1.1 y 2.0 que permite a un atacante remoto no autenticado suplantar cualquier identidad. El fallo ocurre al usar IdentityConfiguration con enlaces federados, facilitando el bypass total de la autenticacion en servicios backend construidos con .NET Core. Es imperativo actualizar inmediatamente a las versiones 1.8.1 o 1.9.1 para corregir este error de severidad maxima.

Relevant roles

BackendCyberSecurityCloudWindowsLinux

Severity

Score: 10.0(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: NONE
Weakness (CWE): CWE-290CWE-347

EPSS

No EPSS score yet (CVE may be too fresh).

Technical description

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1.

Published: 7/8/2026, 11:16:56 PM
Last modified: 7/8/2026, 11:16:56 PM

References

HomeEventsBlogResourcesTeam