CVE-2026-54781
Received Received - Intake

SAML Token Validation Bypass in CoreWCF

Vulnerability report for CVE-2026-54781, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: GitHub, Inc.

Description

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom confirmation method assertions to authenticate a subject without proving authority over the assertion. This issue is fixed in versions 1.8.1 and 1.9.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
corewcf corewcf to 1.9.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-345 The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in CoreWCF, a port of Windows Communication Foundation to .NET Core. Before versions 1.8.1 and 1.9.1, the SAML token validation in CoreWCF's SamlSecurityTokenHandler did not properly enforce SubjectConfirmation method URIs or holder-of-key proof keys. This flaw allows an attacker to perform a holder-of-key downgrade or use custom confirmation method assertions to authenticate a subject without actually proving authority over the assertion.

Impact Analysis

The vulnerability can allow unauthorized authentication by bypassing proper validation of SAML tokens. This means an attacker could impersonate a legitimate user or service without proving they have the correct cryptographic keys, potentially leading to unauthorized access to sensitive systems or data.

Mitigation Strategies

To mitigate this vulnerability, upgrade CoreWCF to version 1.8.1 or 1.9.1, where the issue with SAML token validation is fixed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54781. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart