SAML Token Replay Vulnerability in CoreWCF Affecting .NET Core Applications
CVE-2026-54779
5.9MEDIUM
What is CVE-2026-54779?
CoreWCF, a port of the Windows Communication Foundation (WCF) to .NET Core, has a significant vulnerability in its SAML token replay protection mechanism. Prior to versions 1.8.1 and 1.9.1, the DefaultTokenReplayCache.TryAdd method fails to adequately reject duplicate tokens, even when the DetectReplayedTokens feature is enabled. This flaw allows attackers to reuse captured tokens, leading to potential unauthorized access and data breaches. Users are advised to update to the latest versions (1.8.1 or 1.9.1) to mitigate this issue.
Affected Version(s)
CoreWCF >= 1.9.0, < 1.9.1 < 1.9.0, 1.9.1
CoreWCF < 1.8.1 < 1.8.1
