SOAP Signature Verification Vulnerability in CoreWCF from Microsoft
CVE-2026-54773
5.9MEDIUM
What is CVE-2026-54773?
CoreWCF, a .NET Core port of Windows Communication Foundation (WCF), has a vulnerability in its WS-Security signature verification process. This flaw allows an unauthenticated remote attacker to manipulate SOAP headers, potentially leading to the verification of a maliciously crafted signature instead of the intended security header signature. The issue is addressed in versions 1.8.1 and 1.9.1, ensuring that document-wide signature lookups do not permit such exploitation.
Affected Version(s)
CoreWCF >= 1.9.0, < 1.9.1 < 1.9.0, 1.9.1
CoreWCF < 1.8.1 < 1.8.1
