Search

Find a vulnerability

Search criteria

    28 vulnerabilities found for CoreWCF by CoreWCF

    CVE-2026-54784 (GCVE-0-2026-54784)

    Vulnerability from nvd – Published: 2026-07-08 22:18 – Updated: 2026-07-09 13:17
    VLAI
    Title
    CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session establishment are used, allowing an observer to impersonate the authenticated Windows principal and decrypt or forge WS-SecureConversation traffic. This issue is fixed in version 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-311 - Missing Encryption of Sensitive Data
    • CWE-523 - Unprotected Transport of Credentials
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54784",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:17:35.985477Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:17:46.722Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session establishment are used, allowing an observer to impersonate the authenticated Windows principal and decrypt or forge WS-SecureConversation traffic. This issue is fixed in version 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-311",
                  "description": "CWE-311: Missing Encryption of Sensitive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-523",
                  "description": "CWE-523: Unprotected Transport of Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:18:13.846Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-2288-8h3r-cqgg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-2288-8h3r-cqgg"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/2afae08b2fa5288428df89e8161116b816cf6b4b",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/2afae08b2fa5288428df89e8161116b816cf6b4b"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/f216aa6929d41dc99cee098b1e69c260ec4c41c7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/f216aa6929d41dc99cee098b1e69c260ec4c41c7"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-2288-8h3r-cqgg",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54784",
        "datePublished": "2026-07-08T22:18:13.846Z",
        "dateReserved": "2026-06-15T23:23:57.714Z",
        "dateUpdated": "2026-07-09T13:17:46.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54783 (GCVE-0-2026-54783)

    Vulnerability from nvd – Published: 2026-07-08 22:16 – Updated: 2026-07-09 12:55
    VLAI
    Title
    CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with one captured signed SOAP envelope to replay arbitrary service operations as the victim principal. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-294 - Authentication Bypass by Capture-replay
    • CWE-345 - Insufficient Verification of Data Authenticity
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54783",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T12:55:02.530840Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T12:55:21.087Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with one captured signed SOAP envelope to replay arbitrary service operations as the victim principal. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "CWE-294: Authentication Bypass by Capture-replay",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345: Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:16:08.533Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-gqv6-pwcg-87r8",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-gqv6-pwcg-87r8"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/0589692d4b9a41d21b34ac48281e95f6df7f4ce5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/0589692d4b9a41d21b34ac48281e95f6df7f4ce5"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/30aef805270976c42477e3f2a05f4e563d86e247",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/30aef805270976c42477e3f2a05f4e563d86e247"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/4618f24165ad018ad3ed2636bf8c3bc87d2a3be2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/4618f24165ad018ad3ed2636bf8c3bc87d2a3be2"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-gqv6-pwcg-87r8",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54783",
        "datePublished": "2026-07-08T22:16:08.533Z",
        "dateReserved": "2026-06-15T23:23:57.714Z",
        "dateUpdated": "2026-07-09T12:55:21.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54782 (GCVE-0-2026-54782)

    Vulnerability from nvd – Published: 2026-07-08 22:20 – Updated: 2026-07-09 14:28
    VLAI
    Title
    CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54782",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:28:30.759540Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:28:40.691Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290: Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:20:37.401Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-xjr9-gg9q-jx3v",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-xjr9-gg9q-jx3v"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/0b8c8af851260e85e8402af53233d1b8f87dfb6f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/0b8c8af851260e85e8402af53233d1b8f87dfb6f"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/0e63c2cca55763d8be6b226a234579280a09e7b6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/0e63c2cca55763d8be6b226a234579280a09e7b6"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/e5cc9b6a4ecc102a50d782093bfc72e0790abe3d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/e5cc9b6a4ecc102a50d782093bfc72e0790abe3d"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-xjr9-gg9q-jx3v",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54782",
        "datePublished": "2026-07-08T22:20:37.401Z",
        "dateReserved": "2026-06-15T23:23:57.714Z",
        "dateUpdated": "2026-07-09T14:28:40.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54781 (GCVE-0-2026-54781)

    Vulnerability from nvd – Published: 2026-07-08 22:19 – Updated: 2026-07-09 14:40
    VLAI
    Title
    CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom confirmation method assertions to authenticate a subject without proving authority over the assertion. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54781",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:31:13.261626Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:40:11.234Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom confirmation method assertions to authenticate a subject without proving authority over the assertion. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345: Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:19:40.784Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-48pq-2xq3-c2m4",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-48pq-2xq3-c2m4"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/6a99df3242f54acd6f89edfd6050430b72d0c685",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/6a99df3242f54acd6f89edfd6050430b72d0c685"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/86dd3232b6b8aaf32281be9e8d798afad6145d58",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/86dd3232b6b8aaf32281be9e8d798afad6145d58"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/9eb9b46d1c2af06fb71f656a02f4d5b4649c1f03",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/9eb9b46d1c2af06fb71f656a02f4d5b4649c1f03"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-48pq-2xq3-c2m4",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54781",
        "datePublished": "2026-07-08T22:19:40.784Z",
        "dateReserved": "2026-06-15T23:23:57.714Z",
        "dateUpdated": "2026-07-09T14:40:11.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54780 (GCVE-0-2026-54780)

    Vulnerability from nvd – Published: 2026-07-08 22:15 – Updated: 2026-07-09 19:21
    VLAI
    Title
    CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference DigestMethod, allowing a sender to use a rejected digest algorithm such as SHA-1 while the message is still accepted. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    • CWE-757 - Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54780",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:21:29.380282Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:21:36.312Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference DigestMethod, allowing a sender to use a rejected digest algorithm such as SHA-1 while the message is still accepted. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-757",
                  "description": "CWE-757: Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:15:06.161Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-4v55-cpmv-3vcm",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-4v55-cpmv-3vcm"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/58742312117cc671e6e9c694c2f5f9f669c17136",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/58742312117cc671e6e9c694c2f5f9f669c17136"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/9104e581cff3d047ace5e179bfae86807a44be1f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/9104e581cff3d047ace5e179bfae86807a44be1f"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/fea67b2cd73a5a85115c325d504303ec7382e133",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/fea67b2cd73a5a85115c325d504303ec7382e133"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-4v55-cpmv-3vcm",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54780",
        "datePublished": "2026-07-08T22:15:06.161Z",
        "dateReserved": "2026-06-15T23:23:57.714Z",
        "dateUpdated": "2026-07-09T19:21:36.312Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54779 (GCVE-0-2026-54779)

    Vulnerability from nvd – Published: 2026-07-08 22:07 – Updated: 2026-07-09 14:17
    VLAI
    Title
    CoreWCF: SAML token replay protection is inoperative
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captured token to be reused. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-294 - Authentication Bypass by Capture-replay
    • CWE-613 - Insufficient Session Expiration
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54779",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:17:49.549188Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:17:57.224Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captured token to be reused. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "CWE-294: Authentication Bypass by Capture-replay",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613: Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:07:46.453Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-9jr3-rj99-8jq3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-9jr3-rj99-8jq3"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/3800c4e2bb4c6fde00ddacefdc2221ef33d55621",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/3800c4e2bb4c6fde00ddacefdc2221ef33d55621"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/7b0b5231cf21b4b5c1fc3caac9981f8bee43823f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/7b0b5231cf21b4b5c1fc3caac9981f8bee43823f"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/84f8cff5a786b5aaa73448cb379d366a7df98238",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/84f8cff5a786b5aaa73448cb379d366a7df98238"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-9jr3-rj99-8jq3",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: SAML token replay protection is inoperative"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54779",
        "datePublished": "2026-07-08T22:07:46.453Z",
        "dateReserved": "2026-06-15T23:23:57.714Z",
        "dateUpdated": "2026-07-09T14:17:57.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54778 (GCVE-0-2026-54778)

    Vulnerability from nvd – Published: 2026-07-08 22:11 – Updated: 2026-07-09 13:23
    VLAI
    Title
    CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to another or crash the host process under contention. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    • CWE-825 - Expired Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54778",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:22:50.639287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:23:29.922Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection\u0027s identity to another or crash the host process under contention. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-362",
                  "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-825",
                  "description": "CWE-825: Expired Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:12:11.923Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-q6v9-43v5-jv9q",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-q6v9-43v5-jv9q"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/a3d95ea4627b818995e92c7def4c016164cacfce",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/a3d95ea4627b818995e92c7def4c016164cacfce"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/b0acb105589b455a095ea5ff49f5191e4eeff791",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/b0acb105589b455a095ea5ff49f5191e4eeff791"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/b4867547c94bb088568935d581a55dda18a621e1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/b4867547c94bb088568935d581a55dda18a621e1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-q6v9-43v5-jv9q",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54778",
        "datePublished": "2026-07-08T22:11:55.490Z",
        "dateReserved": "2026-06-15T23:23:57.714Z",
        "dateUpdated": "2026-07-09T13:23:29.922Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54776 (GCVE-0-2026-54776)

    Vulnerability from nvd – Published: 2026-07-08 22:04 – Updated: 2026-07-09 12:56
    VLAI
    Title
    CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching messages, bypassing framing-layer identity checks in UnixPosixIdentitySecurityUpgradeProvider. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54776",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T12:56:10.364263Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T12:56:16.584Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching messages, bypassing framing-layer identity checks in UnixPosixIdentitySecurityUpgradeProvider. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:04:39.200Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-wjpq-6766-7f5j",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-wjpq-6766-7f5j"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/994431268e3362c0cd126450fe2a135c202551f3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/994431268e3362c0cd126450fe2a135c202551f3"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/9af16955e51a57348dafce0019e259a092ef7440",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/9af16955e51a57348dafce0019e259a092ef7440"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/f2f1a05927a88b8a75fa0582fa8ed75eb891e463",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/f2f1a05927a88b8a75fa0582fa8ed75eb891e463"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-wjpq-6766-7f5j",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54776",
        "datePublished": "2026-07-08T22:04:39.200Z",
        "dateReserved": "2026-06-15T23:23:57.713Z",
        "dateUpdated": "2026-07-09T12:56:16.584Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54775 (GCVE-0-2026-54775)

    Vulnerability from nvd – Published: 2026-07-08 22:13 – Updated: 2026-07-09 14:20
    VLAI
    Title
    CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent endpoint denial of service for attackers with produce permission. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-248 - Uncaught Exception
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    • CWE-755 - Improper Handling of Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54775",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:20:22.314924Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:20:32.975Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent endpoint denial of service for attackers with produce permission. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248: Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-755",
                  "description": "CWE-755: Improper Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:13:37.611Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-m744-jhq9-ppw6",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-m744-jhq9-ppw6"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/1a229d0d14a07766302f7d14c866889f04a3a624",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/1a229d0d14a07766302f7d14c866889f04a3a624"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/6d7431ebc0ebe6521ea6d0dbea8982bac3d2bc98",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/6d7431ebc0ebe6521ea6d0dbea8982bac3d2bc98"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/8f95f3ac3c929409e830b5c5659683ef9f6ea6b0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/8f95f3ac3c929409e830b5c5659683ef9f6ea6b0"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-m744-jhq9-ppw6",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54775",
        "datePublished": "2026-07-08T22:13:37.611Z",
        "dateReserved": "2026-06-15T23:23:57.713Z",
        "dateUpdated": "2026-07-09T14:20:32.975Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54774 (GCVE-0-2026-54774)

    Vulnerability from nvd – Published: 2026-07-08 22:17 – Updated: 2026-07-09 14:40
    VLAI
    Title
    CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509 SecurityToken key identifier and bypass assertion signature verification. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:31:14.611140Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:40:18.629Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509 SecurityToken key identifier and bypass assertion signature verification. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345: Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:17:07.314Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-rpj7-hr7h-w6p9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-rpj7-hr7h-w6p9"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/65d09022749854ba943e376aefb958dec05b00d8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/65d09022749854ba943e376aefb958dec05b00d8"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/b914495ce63c44924664643b60a262e7595081a4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/b914495ce63c44924664643b60a262e7595081a4"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/e7454132876ecc7e2cf80e541a44376eeb54979b",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/e7454132876ecc7e2cf80e541a44376eeb54979b"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-rpj7-hr7h-w6p9",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54774",
        "datePublished": "2026-07-08T22:17:07.314Z",
        "dateReserved": "2026-06-15T23:23:57.713Z",
        "dateUpdated": "2026-07-09T14:40:18.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54773 (GCVE-0-2026-54773)

    Vulnerability from nvd – Published: 2026-07-08 22:09 – Updated: 2026-07-08 22:10
    VLAI
    Title
    CoreWCF: WS-Security signature substitution via document-wide Signature lookup
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and cause WSSecurityOneDotZeroReceiveSecurityHeader to verify an attacker-supplied signature instead of the security header signature. This issue is fixed in versions 1.8.1 and 1.9.1.
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and cause WSSecurityOneDotZeroReceiveSecurityHeader to verify an attacker-supplied signature instead of the security header signature. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:10:26.712Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-jc6x-rj79-w4mx",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-jc6x-rj79-w4mx"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/0589692d4b9a41d21b34ac48281e95f6df7f4ce5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/0589692d4b9a41d21b34ac48281e95f6df7f4ce5"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/30aef805270976c42477e3f2a05f4e563d86e247",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/30aef805270976c42477e3f2a05f4e563d86e247"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/4618f24165ad018ad3ed2636bf8c3bc87d2a3be2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/4618f24165ad018ad3ed2636bf8c3bc87d2a3be2"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-jc6x-rj79-w4mx",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: WS-Security signature substitution via document-wide Signature lookup"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54773",
        "datePublished": "2026-07-08T22:09:32.584Z",
        "dateReserved": "2026-06-15T23:23:57.713Z",
        "dateUpdated": "2026-07-08T22:10:26.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54772 (GCVE-0-2026-54772)

    Vulnerability from nvd – Published: 2026-07-08 22:06 – Updated: 2026-07-09 14:19
    VLAI
    Title
    CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, an unauthenticated remote attacker that can reach a NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding endpoint can trigger premature EOF handling in the CoreWCF net.tcp, net.pipe, or net.uds framing handshake and pin one server thread-pool worker at full CPU per connection. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54772",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:19:10.629206Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:19:17.666Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, an unauthenticated remote attacker that can reach a NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding endpoint can trigger premature EOF handling in the CoreWCF net.tcp, net.pipe, or net.uds framing handshake and pin one server thread-pool worker at full CPU per connection. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:06:08.914Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-p86g-xrr2-pf7c",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-p86g-xrr2-pf7c"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/03ddbced349931a2da6c0efcdf745c0722eff77c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/03ddbced349931a2da6c0efcdf745c0722eff77c"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/7ddd966d6e58564a32ab30c825dd693b45a34a55",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/7ddd966d6e58564a32ab30c825dd693b45a34a55"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/c4212988cd6fd472783d0413426eeac61044097a",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/c4212988cd6fd472783d0413426eeac61044097a"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-p86g-xrr2-pf7c",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54772",
        "datePublished": "2026-07-08T22:06:08.914Z",
        "dateReserved": "2026-06-15T23:23:57.713Z",
        "dateUpdated": "2026-07-09T14:19:17.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54777 (GCVE-0-2026-54777)

    Vulnerability from nvd – Published: 2026-07-08 22:01 – Updated: 2026-07-09 12:57
    VLAI
    Title
    CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts attachment to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic when an attacker races NamedPipeListener startup between shared memory GUID publication and service named pipe creation. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    • CWE-665 - Improper Initialization
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54777",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T12:57:25.187510Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T12:57:35.393Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts attachment to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic when an attacker races NamedPipeListener startup between shared memory GUID publication and service named pipe creation. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-665",
                  "description": "CWE-665: Improper Initialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:01:21.323Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-6jj2-4q5c-x8g6",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-6jj2-4q5c-x8g6"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/8ed9c780c7c6fb22fa215c5771dee0c1e49596b7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/8ed9c780c7c6fb22fa215c5771dee0c1e49596b7"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/e7d225394fd429900dcbc445dcdd53b94e964077",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/e7d225394fd429900dcbc445dcdd53b94e964077"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-6jj2-4q5c-x8g6",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54777",
        "datePublished": "2026-07-08T22:01:21.323Z",
        "dateReserved": "2026-06-15T23:23:57.714Z",
        "dateUpdated": "2026-07-09T12:57:35.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-28252 (GCVE-0-2024-28252)

    Vulnerability from nvd – Published: 2024-03-15 19:04 – Updated: 2024-08-26 15:07
    VLAI
    Title
    CoreWCF NetFraming based services can leave connections open when they should be closed
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. If you have a NetFraming based CoreWCF service, extra system resources could be consumed by connections being left established instead of closing or aborting them. There are two scenarios when this can happen. When a client established a connection to the service and sends no data, the service will wait indefinitely for the client to initiate the NetFraming session handshake. Additionally, once a client has established a session, if the client doesn't send any requests for the period of time configured in the binding ReceiveTimeout, the connection is not properly closed as part of the session being aborted. The bindings affected by this behavior are NetTcpBinding, NetNamedPipeBinding, and UnixDomainSocketBinding. Only NetTcpBinding has the ability to accept non local connections. The currently supported versions of CoreWCF are v1.4.x and v1.5.x. The fix can be found in v1.4.2 and v1.5.2 of the CoreWCF packages. Users are advised to upgrade. There are no workarounds for this issue.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-404 - Improper Resource Shutdown or Release
    Assigner
    References
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.5.0, < 1.5.2
    Affected: < 1.4.2
    Create a notification for this product.
    corewcf corewcf Affected: 0 , < 1.4.2 (custom)
    Affected: 1.5.0 , < 1.5.2 (custom)
        cpe:2.3:a:corewcf:corewcf:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:corewcf:corewcf:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "corewcf",
                "vendor": "corewcf",
                "versions": [
                  {
                    "lessThan": "1.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.5.2",
                    "status": "affected",
                    "version": "1.5.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28252",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-26T15:06:15.448119Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T15:07:39.236Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:49.501Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-32jq-mv89-5rx7",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-32jq-mv89-5rx7"
              },
              {
                "name": "https://github.com/CoreWCF/CoreWCF/issues/1345",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/CoreWCF/CoreWCF/issues/1345"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.5.0, \u003c 1.5.2"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.4.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. If you have a NetFraming based CoreWCF service, extra system resources could be consumed by connections being left established instead of closing or aborting them. There are two scenarios when this can happen. When a client established a connection to the service and sends no data, the service will wait indefinitely for the client to initiate the NetFraming session handshake. Additionally, once a client has established a session, if the client doesn\u0027t send any requests for the period of time configured in the binding ReceiveTimeout, the connection is not properly closed as part of the session being aborted. The bindings affected by this behavior are NetTcpBinding, NetNamedPipeBinding, and UnixDomainSocketBinding. Only NetTcpBinding has the ability to accept non local connections. The currently supported versions of CoreWCF are v1.4.x and v1.5.x. The fix can be found in v1.4.2 and v1.5.2 of the CoreWCF packages. Users are advised to upgrade. There are no workarounds for this issue.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404: Improper Resource Shutdown or Release",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-21T19:41:32.728Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-32jq-mv89-5rx7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-32jq-mv89-5rx7"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/issues/1345",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/issues/1345"
            }
          ],
          "source": {
            "advisory": "GHSA-32jq-mv89-5rx7",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF NetFraming based services can leave connections open when they should be closed"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-28252",
        "datePublished": "2024-03-15T19:04:07.631Z",
        "dateReserved": "2024-03-07T14:33:30.036Z",
        "dateUpdated": "2024-08-26T15:07:39.236Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-54782 (GCVE-0-2026-54782)

    Vulnerability from cvelistv5 – Published: 2026-07-08 22:20 – Updated: 2026-07-09 14:28
    VLAI
    Title
    CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54782",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:28:30.759540Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:28:40.691Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290: Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:20:37.401Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-xjr9-gg9q-jx3v",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-xjr9-gg9q-jx3v"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/0b8c8af851260e85e8402af53233d1b8f87dfb6f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/0b8c8af851260e85e8402af53233d1b8f87dfb6f"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/0e63c2cca55763d8be6b226a234579280a09e7b6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/0e63c2cca55763d8be6b226a234579280a09e7b6"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/e5cc9b6a4ecc102a50d782093bfc72e0790abe3d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/e5cc9b6a4ecc102a50d782093bfc72e0790abe3d"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-xjr9-gg9q-jx3v",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54782",
        "datePublished": "2026-07-08T22:20:37.401Z",
        "dateReserved": "2026-06-15T23:23:57.714Z",
        "dateUpdated": "2026-07-09T14:28:40.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54781 (GCVE-0-2026-54781)

    Vulnerability from cvelistv5 – Published: 2026-07-08 22:19 – Updated: 2026-07-09 14:40
    VLAI
    Title
    CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom confirmation method assertions to authenticate a subject without proving authority over the assertion. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54781",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:31:13.261626Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:40:11.234Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom confirmation method assertions to authenticate a subject without proving authority over the assertion. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345: Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:19:40.784Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-48pq-2xq3-c2m4",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-48pq-2xq3-c2m4"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/6a99df3242f54acd6f89edfd6050430b72d0c685",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/6a99df3242f54acd6f89edfd6050430b72d0c685"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/86dd3232b6b8aaf32281be9e8d798afad6145d58",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/86dd3232b6b8aaf32281be9e8d798afad6145d58"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/9eb9b46d1c2af06fb71f656a02f4d5b4649c1f03",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/9eb9b46d1c2af06fb71f656a02f4d5b4649c1f03"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-48pq-2xq3-c2m4",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54781",
        "datePublished": "2026-07-08T22:19:40.784Z",
        "dateReserved": "2026-06-15T23:23:57.714Z",
        "dateUpdated": "2026-07-09T14:40:11.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54784 (GCVE-0-2026-54784)

    Vulnerability from cvelistv5 – Published: 2026-07-08 22:18 – Updated: 2026-07-09 13:17
    VLAI
    Title
    CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session establishment are used, allowing an observer to impersonate the authenticated Windows principal and decrypt or forge WS-SecureConversation traffic. This issue is fixed in version 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-311 - Missing Encryption of Sensitive Data
    • CWE-523 - Unprotected Transport of Credentials
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54784",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:17:35.985477Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:17:46.722Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session establishment are used, allowing an observer to impersonate the authenticated Windows principal and decrypt or forge WS-SecureConversation traffic. This issue is fixed in version 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-311",
                  "description": "CWE-311: Missing Encryption of Sensitive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-523",
                  "description": "CWE-523: Unprotected Transport of Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:18:13.846Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-2288-8h3r-cqgg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-2288-8h3r-cqgg"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/2afae08b2fa5288428df89e8161116b816cf6b4b",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/2afae08b2fa5288428df89e8161116b816cf6b4b"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/f216aa6929d41dc99cee098b1e69c260ec4c41c7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/f216aa6929d41dc99cee098b1e69c260ec4c41c7"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-2288-8h3r-cqgg",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54784",
        "datePublished": "2026-07-08T22:18:13.846Z",
        "dateReserved": "2026-06-15T23:23:57.714Z",
        "dateUpdated": "2026-07-09T13:17:46.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54774 (GCVE-0-2026-54774)

    Vulnerability from cvelistv5 – Published: 2026-07-08 22:17 – Updated: 2026-07-09 14:40
    VLAI
    Title
    CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509 SecurityToken key identifier and bypass assertion signature verification. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:31:14.611140Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:40:18.629Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509 SecurityToken key identifier and bypass assertion signature verification. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345: Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:17:07.314Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-rpj7-hr7h-w6p9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-rpj7-hr7h-w6p9"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/65d09022749854ba943e376aefb958dec05b00d8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/65d09022749854ba943e376aefb958dec05b00d8"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/b914495ce63c44924664643b60a262e7595081a4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/b914495ce63c44924664643b60a262e7595081a4"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/e7454132876ecc7e2cf80e541a44376eeb54979b",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/e7454132876ecc7e2cf80e541a44376eeb54979b"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-rpj7-hr7h-w6p9",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54774",
        "datePublished": "2026-07-08T22:17:07.314Z",
        "dateReserved": "2026-06-15T23:23:57.713Z",
        "dateUpdated": "2026-07-09T14:40:18.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54783 (GCVE-0-2026-54783)

    Vulnerability from cvelistv5 – Published: 2026-07-08 22:16 – Updated: 2026-07-09 12:55
    VLAI
    Title
    CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with one captured signed SOAP envelope to replay arbitrary service operations as the victim principal. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-294 - Authentication Bypass by Capture-replay
    • CWE-345 - Insufficient Verification of Data Authenticity
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54783",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T12:55:02.530840Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T12:55:21.087Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with one captured signed SOAP envelope to replay arbitrary service operations as the victim principal. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "CWE-294: Authentication Bypass by Capture-replay",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345: Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:16:08.533Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-gqv6-pwcg-87r8",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-gqv6-pwcg-87r8"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/0589692d4b9a41d21b34ac48281e95f6df7f4ce5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/0589692d4b9a41d21b34ac48281e95f6df7f4ce5"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/30aef805270976c42477e3f2a05f4e563d86e247",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/30aef805270976c42477e3f2a05f4e563d86e247"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/4618f24165ad018ad3ed2636bf8c3bc87d2a3be2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/4618f24165ad018ad3ed2636bf8c3bc87d2a3be2"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-gqv6-pwcg-87r8",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54783",
        "datePublished": "2026-07-08T22:16:08.533Z",
        "dateReserved": "2026-06-15T23:23:57.714Z",
        "dateUpdated": "2026-07-09T12:55:21.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54780 (GCVE-0-2026-54780)

    Vulnerability from cvelistv5 – Published: 2026-07-08 22:15 – Updated: 2026-07-09 19:21
    VLAI
    Title
    CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference DigestMethod, allowing a sender to use a rejected digest algorithm such as SHA-1 while the message is still accepted. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    • CWE-757 - Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54780",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T19:21:29.380282Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T19:21:36.312Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference DigestMethod, allowing a sender to use a rejected digest algorithm such as SHA-1 while the message is still accepted. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-757",
                  "description": "CWE-757: Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:15:06.161Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-4v55-cpmv-3vcm",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-4v55-cpmv-3vcm"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/58742312117cc671e6e9c694c2f5f9f669c17136",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/58742312117cc671e6e9c694c2f5f9f669c17136"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/9104e581cff3d047ace5e179bfae86807a44be1f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/9104e581cff3d047ace5e179bfae86807a44be1f"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/fea67b2cd73a5a85115c325d504303ec7382e133",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/fea67b2cd73a5a85115c325d504303ec7382e133"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-4v55-cpmv-3vcm",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54780",
        "datePublished": "2026-07-08T22:15:06.161Z",
        "dateReserved": "2026-06-15T23:23:57.714Z",
        "dateUpdated": "2026-07-09T19:21:36.312Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54775 (GCVE-0-2026-54775)

    Vulnerability from cvelistv5 – Published: 2026-07-08 22:13 – Updated: 2026-07-09 14:20
    VLAI
    Title
    CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent endpoint denial of service for attackers with produce permission. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-248 - Uncaught Exception
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    • CWE-755 - Improper Handling of Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54775",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:20:22.314924Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:20:32.975Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent endpoint denial of service for attackers with produce permission. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248: Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-755",
                  "description": "CWE-755: Improper Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:13:37.611Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-m744-jhq9-ppw6",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-m744-jhq9-ppw6"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/1a229d0d14a07766302f7d14c866889f04a3a624",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/1a229d0d14a07766302f7d14c866889f04a3a624"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/6d7431ebc0ebe6521ea6d0dbea8982bac3d2bc98",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/6d7431ebc0ebe6521ea6d0dbea8982bac3d2bc98"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/8f95f3ac3c929409e830b5c5659683ef9f6ea6b0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/8f95f3ac3c929409e830b5c5659683ef9f6ea6b0"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-m744-jhq9-ppw6",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service."
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54775",
        "datePublished": "2026-07-08T22:13:37.611Z",
        "dateReserved": "2026-06-15T23:23:57.713Z",
        "dateUpdated": "2026-07-09T14:20:32.975Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54778 (GCVE-0-2026-54778)

    Vulnerability from cvelistv5 – Published: 2026-07-08 22:11 – Updated: 2026-07-09 13:23
    VLAI
    Title
    CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to another or crash the host process under contention. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    • CWE-825 - Expired Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54778",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:22:50.639287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:23:29.922Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection\u0027s identity to another or crash the host process under contention. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-362",
                  "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-825",
                  "description": "CWE-825: Expired Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:12:11.923Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-q6v9-43v5-jv9q",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-q6v9-43v5-jv9q"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/a3d95ea4627b818995e92c7def4c016164cacfce",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/a3d95ea4627b818995e92c7def4c016164cacfce"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/b0acb105589b455a095ea5ff49f5191e4eeff791",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/b0acb105589b455a095ea5ff49f5191e4eeff791"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/b4867547c94bb088568935d581a55dda18a621e1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/b4867547c94bb088568935d581a55dda18a621e1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-q6v9-43v5-jv9q",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54778",
        "datePublished": "2026-07-08T22:11:55.490Z",
        "dateReserved": "2026-06-15T23:23:57.714Z",
        "dateUpdated": "2026-07-09T13:23:29.922Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54773 (GCVE-0-2026-54773)

    Vulnerability from cvelistv5 – Published: 2026-07-08 22:09 – Updated: 2026-07-08 22:10
    VLAI
    Title
    CoreWCF: WS-Security signature substitution via document-wide Signature lookup
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and cause WSSecurityOneDotZeroReceiveSecurityHeader to verify an attacker-supplied signature instead of the security header signature. This issue is fixed in versions 1.8.1 and 1.9.1.
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and cause WSSecurityOneDotZeroReceiveSecurityHeader to verify an attacker-supplied signature instead of the security header signature. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:10:26.712Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-jc6x-rj79-w4mx",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-jc6x-rj79-w4mx"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/0589692d4b9a41d21b34ac48281e95f6df7f4ce5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/0589692d4b9a41d21b34ac48281e95f6df7f4ce5"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/30aef805270976c42477e3f2a05f4e563d86e247",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/30aef805270976c42477e3f2a05f4e563d86e247"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/4618f24165ad018ad3ed2636bf8c3bc87d2a3be2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/4618f24165ad018ad3ed2636bf8c3bc87d2a3be2"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-jc6x-rj79-w4mx",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: WS-Security signature substitution via document-wide Signature lookup"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54773",
        "datePublished": "2026-07-08T22:09:32.584Z",
        "dateReserved": "2026-06-15T23:23:57.713Z",
        "dateUpdated": "2026-07-08T22:10:26.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54779 (GCVE-0-2026-54779)

    Vulnerability from cvelistv5 – Published: 2026-07-08 22:07 – Updated: 2026-07-09 14:17
    VLAI
    Title
    CoreWCF: SAML token replay protection is inoperative
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captured token to be reused. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-294 - Authentication Bypass by Capture-replay
    • CWE-613 - Insufficient Session Expiration
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54779",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:17:49.549188Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:17:57.224Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captured token to be reused. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "CWE-294: Authentication Bypass by Capture-replay",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613: Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:07:46.453Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-9jr3-rj99-8jq3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-9jr3-rj99-8jq3"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/3800c4e2bb4c6fde00ddacefdc2221ef33d55621",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/3800c4e2bb4c6fde00ddacefdc2221ef33d55621"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/7b0b5231cf21b4b5c1fc3caac9981f8bee43823f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/7b0b5231cf21b4b5c1fc3caac9981f8bee43823f"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/84f8cff5a786b5aaa73448cb379d366a7df98238",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/84f8cff5a786b5aaa73448cb379d366a7df98238"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-9jr3-rj99-8jq3",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: SAML token replay protection is inoperative"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54779",
        "datePublished": "2026-07-08T22:07:46.453Z",
        "dateReserved": "2026-06-15T23:23:57.714Z",
        "dateUpdated": "2026-07-09T14:17:57.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54772 (GCVE-0-2026-54772)

    Vulnerability from cvelistv5 – Published: 2026-07-08 22:06 – Updated: 2026-07-09 14:19
    VLAI
    Title
    CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, an unauthenticated remote attacker that can reach a NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding endpoint can trigger premature EOF handling in the CoreWCF net.tcp, net.pipe, or net.uds framing handshake and pin one server thread-pool worker at full CPU per connection. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54772",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:19:10.629206Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:19:17.666Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, an unauthenticated remote attacker that can reach a NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding endpoint can trigger premature EOF handling in the CoreWCF net.tcp, net.pipe, or net.uds framing handshake and pin one server thread-pool worker at full CPU per connection. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:06:08.914Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-p86g-xrr2-pf7c",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-p86g-xrr2-pf7c"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/03ddbced349931a2da6c0efcdf745c0722eff77c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/03ddbced349931a2da6c0efcdf745c0722eff77c"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/7ddd966d6e58564a32ab30c825dd693b45a34a55",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/7ddd966d6e58564a32ab30c825dd693b45a34a55"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/c4212988cd6fd472783d0413426eeac61044097a",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/c4212988cd6fd472783d0413426eeac61044097a"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-p86g-xrr2-pf7c",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54772",
        "datePublished": "2026-07-08T22:06:08.914Z",
        "dateReserved": "2026-06-15T23:23:57.713Z",
        "dateUpdated": "2026-07-09T14:19:17.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54776 (GCVE-0-2026-54776)

    Vulnerability from cvelistv5 – Published: 2026-07-08 22:04 – Updated: 2026-07-09 12:56
    VLAI
    Title
    CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching messages, bypassing framing-layer identity checks in UnixPosixIdentitySecurityUpgradeProvider. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54776",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T12:56:10.364263Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T12:56:16.584Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching messages, bypassing framing-layer identity checks in UnixPosixIdentitySecurityUpgradeProvider. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:04:39.200Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-wjpq-6766-7f5j",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-wjpq-6766-7f5j"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/994431268e3362c0cd126450fe2a135c202551f3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/994431268e3362c0cd126450fe2a135c202551f3"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/9af16955e51a57348dafce0019e259a092ef7440",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/9af16955e51a57348dafce0019e259a092ef7440"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/f2f1a05927a88b8a75fa0582fa8ed75eb891e463",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/f2f1a05927a88b8a75fa0582fa8ed75eb891e463"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-wjpq-6766-7f5j",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54776",
        "datePublished": "2026-07-08T22:04:39.200Z",
        "dateReserved": "2026-06-15T23:23:57.713Z",
        "dateUpdated": "2026-07-09T12:56:16.584Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54777 (GCVE-0-2026-54777)

    Vulnerability from cvelistv5 – Published: 2026-07-08 22:01 – Updated: 2026-07-09 12:57
    VLAI
    Title
    CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts attachment to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic when an attacker races NamedPipeListener startup between shared memory GUID publication and service named pipe creation. This issue is fixed in versions 1.8.1 and 1.9.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    • CWE-665 - Improper Initialization
    Assigner
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.9.0, < 1.9.1
    Affected: < 1.8.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54777",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T12:57:25.187510Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T12:57:35.393Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.9.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts attachment to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic when an attacker races NamedPipeListener startup between shared memory GUID publication and service named pipe creation. This issue is fixed in versions 1.8.1 and 1.9.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-665",
                  "description": "CWE-665: Improper Initialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T22:01:21.323Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-6jj2-4q5c-x8g6",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-6jj2-4q5c-x8g6"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/8ed9c780c7c6fb22fa215c5771dee0c1e49596b7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/8ed9c780c7c6fb22fa215c5771dee0c1e49596b7"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/commit/e7d225394fd429900dcbc445dcdd53b94e964077",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/commit/e7d225394fd429900dcbc445dcdd53b94e964077"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"
            }
          ],
          "source": {
            "advisory": "GHSA-6jj2-4q5c-x8g6",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54777",
        "datePublished": "2026-07-08T22:01:21.323Z",
        "dateReserved": "2026-06-15T23:23:57.714Z",
        "dateUpdated": "2026-07-09T12:57:35.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-28252 (GCVE-0-2024-28252)

    Vulnerability from cvelistv5 – Published: 2024-03-15 19:04 – Updated: 2024-08-26 15:07
    VLAI
    Title
    CoreWCF NetFraming based services can leave connections open when they should be closed
    Summary
    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. If you have a NetFraming based CoreWCF service, extra system resources could be consumed by connections being left established instead of closing or aborting them. There are two scenarios when this can happen. When a client established a connection to the service and sends no data, the service will wait indefinitely for the client to initiate the NetFraming session handshake. Additionally, once a client has established a session, if the client doesn't send any requests for the period of time configured in the binding ReceiveTimeout, the connection is not properly closed as part of the session being aborted. The bindings affected by this behavior are NetTcpBinding, NetNamedPipeBinding, and UnixDomainSocketBinding. Only NetTcpBinding has the ability to accept non local connections. The currently supported versions of CoreWCF are v1.4.x and v1.5.x. The fix can be found in v1.4.2 and v1.5.2 of the CoreWCF packages. Users are advised to upgrade. There are no workarounds for this issue.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-404 - Improper Resource Shutdown or Release
    Assigner
    References
    Impacted products
    Vendor Product Version
    CoreWCF CoreWCF Affected: >= 1.5.0, < 1.5.2
    Affected: < 1.4.2
    Create a notification for this product.
    corewcf corewcf Affected: 0 , < 1.4.2 (custom)
    Affected: 1.5.0 , < 1.5.2 (custom)
        cpe:2.3:a:corewcf:corewcf:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:corewcf:corewcf:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "corewcf",
                "vendor": "corewcf",
                "versions": [
                  {
                    "lessThan": "1.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.5.2",
                    "status": "affected",
                    "version": "1.5.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28252",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-26T15:06:15.448119Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T15:07:39.236Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:49.501Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-32jq-mv89-5rx7",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-32jq-mv89-5rx7"
              },
              {
                "name": "https://github.com/CoreWCF/CoreWCF/issues/1345",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/CoreWCF/CoreWCF/issues/1345"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CoreWCF",
              "vendor": "CoreWCF",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.5.0, \u003c 1.5.2"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.4.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. If you have a NetFraming based CoreWCF service, extra system resources could be consumed by connections being left established instead of closing or aborting them. There are two scenarios when this can happen. When a client established a connection to the service and sends no data, the service will wait indefinitely for the client to initiate the NetFraming session handshake. Additionally, once a client has established a session, if the client doesn\u0027t send any requests for the period of time configured in the binding ReceiveTimeout, the connection is not properly closed as part of the session being aborted. The bindings affected by this behavior are NetTcpBinding, NetNamedPipeBinding, and UnixDomainSocketBinding. Only NetTcpBinding has the ability to accept non local connections. The currently supported versions of CoreWCF are v1.4.x and v1.5.x. The fix can be found in v1.4.2 and v1.5.2 of the CoreWCF packages. Users are advised to upgrade. There are no workarounds for this issue.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404: Improper Resource Shutdown or Release",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-21T19:41:32.728Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-32jq-mv89-5rx7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-32jq-mv89-5rx7"
            },
            {
              "name": "https://github.com/CoreWCF/CoreWCF/issues/1345",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CoreWCF/CoreWCF/issues/1345"
            }
          ],
          "source": {
            "advisory": "GHSA-32jq-mv89-5rx7",
            "discovery": "UNKNOWN"
          },
          "title": "CoreWCF NetFraming based services can leave connections open when they should be closed"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-28252",
        "datePublished": "2024-03-15T19:04:07.631Z",
        "dateReserved": "2024-03-07T14:33:30.036Z",
        "dateUpdated": "2024-08-26T15:07:39.236Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }