Dismissed
(no matching packages found)
Permalink
CVE-2026-54779
5.9 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): High (H)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): None (N)
Activity log
- Created & dismissed (no matching packages found) suggestion
CoreWCF: SAML token replay protection is inoperative
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captured token to be reused. This issue is fixed in versions 1.8.1 and 1.9.1.
References
-
https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-9jr3-rj99-8jq3 x_refsource_CONFIRM
-
https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1 x_refsource_MISC
-
https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1 x_refsource_MISC
Affected products
CoreWCF
- ==< 1.8.1
- ==>= 1.9.0, < 1.9.1