Security Flaw in CoreWCF SAML Validation for .NET Core by CoreWCF
CVE-2026-54781
7.4HIGH
What is CVE-2026-54781?
CoreWCF, a port of the Windows Communication Foundation to .NET Core, has a vulnerability in its SAML token validation mechanism. This flaw allows for potential authentication bypass through unsecured subject confirmation method URIs and holder-of-key proof keys. As a result, malicious actors could exploit this vulnerability to authenticate a subject without proper verification of authority over the assertion. This issue has been rectified in updates 1.8.1 and 1.9.1. Users are strongly encouraged to update their CoreWCF installations to secure their applications.
Affected Version(s)
CoreWCF >= 1.9.0, < 1.9.1 < 1.9.0, 1.9.1
CoreWCF < 1.8.1 < 1.8.1
