{"api_version":"1","generated_at":"2026-07-09T05:59:32+00:00","cve":"CVE-2026-54782","urls":{"html":"https://cve.report/CVE-2026-54782","api":"https://cve.report/api/cve/CVE-2026-54782.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-54782","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-54782"},"summary":{"title":"CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation","description":"CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1.","state":"PUBLISHED","assigner":"GitHub_M","published_at":"2026-07-08 23:16:56","updated_at":"2026-07-08 23:16:56"},"problem_types":["CWE-290","CWE-347","CWE-290 CWE-290: Authentication Bypass by Spoofing","CWE-347 CWE-347: Improper Verification of Cryptographic Signature"],"metrics":[{"version":"3.1","source":"security-advisories@github.com","type":"Secondary","score":"10","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":10,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"10","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":10,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","version":"3.1"}}],"references":[{"url":"https://github.com/CoreWCF/CoreWCF/commit/0e63c2cca55763d8be6b226a234579280a09e7b6","name":"https://github.com/CoreWCF/CoreWCF/commit/0e63c2cca55763d8be6b226a234579280a09e7b6","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/CoreWCF/CoreWCF/commit/e5cc9b6a4ecc102a50d782093bfc72e0790abe3d","name":"https://github.com/CoreWCF/CoreWCF/commit/e5cc9b6a4ecc102a50d782093bfc72e0790abe3d","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-xjr9-gg9q-jx3v","name":"https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-xjr9-gg9q-jx3v","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/CoreWCF/CoreWCF/commit/0b8c8af851260e85e8402af53233d1b8f87dfb6f","name":"https://github.com/CoreWCF/CoreWCF/commit/0b8c8af851260e85e8402af53233d1b8f87dfb6f","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1","name":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1","name":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1","refsource":"security-advisories@github.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-54782","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-54782","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"CoreWCF","product":"CoreWCF","version":"affected >= 1.9.0, < 1.9.1","platforms":[]},{"source":"CNA","vendor":"CoreWCF","product":"CoreWCF","version":"affected < 1.8.1","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"product":"CoreWCF","vendor":"CoreWCF","versions":[{"status":"affected","version":">= 1.9.0, < 1.9.1"},{"status":"affected","version":"< 1.8.1"}]}],"descriptions":[{"lang":"en","value":"CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":10,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-290","description":"CWE-290: Authentication Bypass by Spoofing","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-347","description":"CWE-347: Improper Verification of Cryptographic Signature","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-08T22:20:37.401Z","orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M"},"references":[{"name":"https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-xjr9-gg9q-jx3v","tags":["x_refsource_CONFIRM"],"url":"https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-xjr9-gg9q-jx3v"},{"name":"https://github.com/CoreWCF/CoreWCF/commit/0b8c8af851260e85e8402af53233d1b8f87dfb6f","tags":["x_refsource_MISC"],"url":"https://github.com/CoreWCF/CoreWCF/commit/0b8c8af851260e85e8402af53233d1b8f87dfb6f"},{"name":"https://github.com/CoreWCF/CoreWCF/commit/0e63c2cca55763d8be6b226a234579280a09e7b6","tags":["x_refsource_MISC"],"url":"https://github.com/CoreWCF/CoreWCF/commit/0e63c2cca55763d8be6b226a234579280a09e7b6"},{"name":"https://github.com/CoreWCF/CoreWCF/commit/e5cc9b6a4ecc102a50d782093bfc72e0790abe3d","tags":["x_refsource_MISC"],"url":"https://github.com/CoreWCF/CoreWCF/commit/e5cc9b6a4ecc102a50d782093bfc72e0790abe3d"},{"name":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1","tags":["x_refsource_MISC"],"url":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1"},{"name":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1","tags":["x_refsource_MISC"],"url":"https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1"}],"source":{"advisory":"GHSA-xjr9-gg9q-jx3v","discovery":"UNKNOWN"},"title":"CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation"}},"cveMetadata":{"assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","cveId":"CVE-2026-54782","datePublished":"2026-07-08T22:20:37.401Z","dateReserved":"2026-06-15T23:23:57.714Z","dateUpdated":"2026-07-08T22:20:37.401Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-08 23:16:56","lastModifiedDate":"2026-07-08 23:16:56","problem_types":["CWE-290","CWE-347","CWE-290 CWE-290: Authentication Bypass by Spoofing","CWE-347 CWE-347: Improper Verification of Cryptographic Signature"],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":10,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.8}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"54782","Ordinal":"1","Title":"CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token s","CVE":"CVE-2026-54782","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"54782","Ordinal":"1","NoteData":"CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1.","Type":"Description","Title":"CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token s"}]}}}