SAML Token Replay Vulnerability in CoreWCF Affecting .NET Core Applications
CVE-2026-54779

5.9MEDIUM

Key Information:

Vendor

Corewcf

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-54779?

CoreWCF, a port of the Windows Communication Foundation (WCF) to .NET Core, has a significant vulnerability in its SAML token replay protection mechanism. Prior to versions 1.8.1 and 1.9.1, the DefaultTokenReplayCache.TryAdd method fails to adequately reject duplicate tokens, even when the DetectReplayedTokens feature is enabled. This flaw allows attackers to reuse captured tokens, leading to potential unauthorized access and data breaches. Users are advised to update to the latest versions (1.8.1 or 1.9.1) to mitigate this issue.

Affected Version(s)

CoreWCF >= 1.9.0, < 1.9.1 < 1.9.0, 1.9.1

CoreWCF < 1.8.1 < 1.8.1

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.