CVE-2026-54784
Received Received - Intake

CoreWCF SPNEGO SecurityContextToken Proof Key Exposure

Vulnerability report for CVE-2026-54784, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: GitHub, Inc.

Description

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session establishment are used, allowing an observer to impersonate the authenticated Windows principal and decrypt or forge WS-SecureConversation traffic. This issue is fixed in version 1.9.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
corewcf corewcf to 1.9.1 (exc)
corewcf corewcf 1.9.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-311 The product does not encrypt sensitive or critical information before storage or transmission.
CWE-523 Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in CoreWCF version 1.9.0, which is a port of the Windows Communication Foundation to .NET Core. It involves the SPNEGO SecurityContextToken negotiation process. Specifically, when using TransportWithMessageCredential with Windows client credentials and session establishment, the proof key recovered from the RSTR message can be exposed. This exposure allows an observer to impersonate the authenticated Windows principal and to decrypt or forge WS-SecureConversation traffic.

The issue is resolved in CoreWCF version 1.9.1.

Impact Analysis

This vulnerability can have serious security impacts. An attacker who observes the exposed proof key can impersonate an authenticated Windows user, gaining unauthorized access to systems or data. Additionally, the attacker can decrypt or forge WS-SecureConversation traffic, potentially leading to data breaches, unauthorized data manipulation, or further attacks within the affected communication sessions.

Mitigation Strategies

To mitigate this vulnerability, upgrade CoreWCF to version 1.9.1 or later, where the issue has been fixed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54784. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart