Lucene search
K

65 matches found

NVD
NVD
added 5 days ago6 views

CVE-2026-54783

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with...

7.4CVSS0.00143EPSS
Exploits0References6
NVD
NVD
added 5 days ago6 views

CVE-2026-54782

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated binding...

10CVSS0.00246EPSS
Exploits0References6
NVD
NVD
added 5 days ago8 views

CVE-2026-54775

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent...

6.5CVSS0.00336EPSS
Exploits0References6
NVD
NVD
added 5 days ago9 views

CVE-2026-54774

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509...

7.4CVSS0.0015EPSS
Exploits0References6
NVD
NVD
added 5 days ago7 views

CVE-2026-54779

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captur...

5.9CVSS0.00268EPSS
Exploits0References6
NVD
NVD
added 5 days ago7 views

CVE-2026-54781

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom...

7.4CVSS0.00178EPSS
Exploits0References6
NVD
NVD
added 5 days ago7 views

CVE-2026-54780

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference...

3.7CVSS0.00157EPSS
Exploits0References6
NVD
NVD
added 5 days ago6 views

CVE-2026-54773

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security an...

5.9CVSS0.00238EPSS
Exploits0References6
CVE
CVE
added 5 days ago35 views

CVE-2026-54782

CVE-2026-54782 affects CoreWCF (CoreWCF.Primitives and related token validation path) where SAML 1.1/2.0 token validation fails to resolve the issuer signing key when IdentityConfiguration is used with federated bindings, allowing unauthenticated impersonation. Affected versions: prior to 1.8.1 a...

10CVSS6AI score0.00246EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-54782 CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated binding...

10CVSS0.00246EPSS
Exploits0References6
CVE
CVE
added 5 days ago16 views

CVE-2026-54781

CoreWCF (SAML token validation) does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom confirmation method assertions to authenticate subjects without proper authority. Affects CoreWCF.Primitives and rel...

7.4CVSS5.9AI score0.00178EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-54784 CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session...

7.4CVSS0.00175EPSS
Exploits0References4
CVE
CVE
added 5 days ago17 views

CVE-2026-54774

CoreWCF (CoreWCF.Primitives and related components) is affected by CVE-2026-54774 where SamlSerializer may skip final SignatureValue verification when validating SAML tokens signed with a non-X.509 issuer token. The vulnerability arises when an out-of-band token resolver provides a non-X.509 Secu...

7.4CVSS5.9AI score0.0015EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-54774 CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509...

7.4CVSS0.0015EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-54783 CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with...

7.4CVSS0.00143EPSS
Exploits0References6
CVE
CVE
added 5 days ago20 views

CVE-2026-54783

CoreWCF (Net Core port of WCF) has an XML Signature Wrapping vulnerability in WS-Security endorsing/signature verification prior to v1.8.1 and v1.9.1, where the ds:Signature may not cover the expected Security header target. An attacker who captures a signed SOAP envelope can replay arbitrary ser...

7.4CVSS6AI score0.00143EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-54780 CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference...

3.7CVSS0.00157EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-54775 CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent...

6.5CVSS0.00336EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-54778 CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to...

6.2CVSS0.001EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-54779 CoreWCF: SAML token replay protection is inoperative

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captur...

5.9CVSS0.00268EPSS
Exploits0References6
Rows per page
Query Builder