{"api_version":"1","generated_at":"2026-07-13T20:39:42+00:00","cve":"CVE-2026-54779","urls":{"html":"https://cve.report/CVE-2026-54779","api":"https://cve.report/api/cve/CVE-2026-54779.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-54779","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-54779"},"summary":{"title":"CoreWCF: SAML token replay protection is inoperative","description":"CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captured token to be reused. This issue is fixed in versions 1.8.1 and 1.9.1.","state":"PUBLISHED","assigner":"GitHub_M","published_at":"2026-07-08 23:16:55","updated_at":"2026-07-09 16:29:14"},"problem_types":["CWE-294","CWE-613","CWE-294 CWE-294: Authentication Bypass by Capture-replay","CWE-613 CWE-613: Insufficient Session Expiration"],"metrics":[{"version":"3.1","source":"security-advisories@github.com","type":"Secondary","score":"5.9","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"5.9","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.9,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","version":"3.1"}}],"references":[{"url":"https://github.com/CoreWCF/CoreWCF/commit/7b0b5231cf21b4b5c1fc3caac9981f8bee43823f","name":"https://github.com/CoreWCF/CoreWCF/commit/7b0b5231cf21b4b5c1fc3caac9981f8bee43823f","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1","name":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-9jr3-rj99-8jq3","name":"https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-9jr3-rj99-8jq3","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/CoreWCF/CoreWCF/commit/84f8cff5a786b5aaa73448cb379d366a7df98238","name":"https://github.com/CoreWCF/CoreWCF/commit/84f8cff5a786b5aaa73448cb379d366a7df98238","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/CoreWCF/CoreWCF/commit/3800c4e2bb4c6fde00ddacefdc2221ef33d55621","name":"https://github.com/CoreWCF/CoreWCF/commit/3800c4e2bb4c6fde00ddacefdc2221ef33d55621","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1","name":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-54779","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-54779","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"CoreWCF","product":"CoreWCF","version":"affected >= 1.9.0, < 1.9.1","platforms":[]},{"source":"CNA","vendor":"CoreWCF","product":"CoreWCF","version":"affected < 1.8.1","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"54779","cve":"CVE-2026-54779","epss":"0.002680000","percentile":"0.185010000","score_date":"2026-07-12","updated_at":"2026-07-13 00:07:37"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-54779","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-07-09T14:17:49.549188Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-07-09T14:17:57.224Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"CoreWCF","vendor":"CoreWCF","versions":[{"status":"affected","version":">= 1.9.0, < 1.9.1"},{"status":"affected","version":"< 1.8.1"}]}],"descriptions":[{"lang":"en","value":"CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captured token to be reused. This issue is fixed in versions 1.8.1 and 1.9.1."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.9,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-294","description":"CWE-294: Authentication Bypass by Capture-replay","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-613","description":"CWE-613: Insufficient Session Expiration","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-08T22:07:46.453Z","orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M"},"references":[{"name":"https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-9jr3-rj99-8jq3","tags":["x_refsource_CONFIRM"],"url":"https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-9jr3-rj99-8jq3"},{"name":"https://github.com/CoreWCF/CoreWCF/commit/3800c4e2bb4c6fde00ddacefdc2221ef33d55621","tags":["x_refsource_MISC"],"url":"https://github.com/CoreWCF/CoreWCF/commit/3800c4e2bb4c6fde00ddacefdc2221ef33d55621"},{"name":"https://github.com/CoreWCF/CoreWCF/commit/7b0b5231cf21b4b5c1fc3caac9981f8bee43823f","tags":["x_refsource_MISC"],"url":"https://github.com/CoreWCF/CoreWCF/commit/7b0b5231cf21b4b5c1fc3caac9981f8bee43823f"},{"name":"https://github.com/CoreWCF/CoreWCF/commit/84f8cff5a786b5aaa73448cb379d366a7df98238","tags":["x_refsource_MISC"],"url":"https://github.com/CoreWCF/CoreWCF/commit/84f8cff5a786b5aaa73448cb379d366a7df98238"},{"name":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1","tags":["x_refsource_MISC"],"url":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"},{"name":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1","tags":["x_refsource_MISC"],"url":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"}],"source":{"advisory":"GHSA-9jr3-rj99-8jq3","discovery":"UNKNOWN"},"title":"CoreWCF: SAML token replay protection is inoperative"}},"cveMetadata":{"assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","cveId":"CVE-2026-54779","datePublished":"2026-07-08T22:07:46.453Z","dateReserved":"2026-06-15T23:23:57.714Z","dateUpdated":"2026-07-09T14:17:57.224Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-08 23:16:55","lastModifiedDate":"2026-07-09 16:29:14","problem_types":["CWE-294","CWE-613","CWE-294 CWE-294: Authentication Bypass by Capture-replay","CWE-613 CWE-613: Insufficient Session Expiration"],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T14:17:49.549188Z","id":"CVE-2026-54779","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"54779","Ordinal":"1","Title":"CoreWCF: SAML token replay protection is inoperative","CVE":"CVE-2026-54779","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"54779","Ordinal":"1","NoteData":"CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captured token to be reused. This issue is fixed in versions 1.8.1 and 1.9.1.","Type":"Description","Title":"CoreWCF: SAML token replay protection is inoperative"}]}}}