SOAP Security Vulnerability in CoreWCF Product by CoreWCF
CVE-2026-54783

7.4HIGH

Key Information:

Vendor

Corewcf

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-54783?

CoreWCF, a .NET Core implementation of Windows Communication Foundation, suffers from a vulnerability where the WS-Security signature verification does not guarantee that the selected signature is aligned with the expected security header target. This oversight could allow an attacker to replay signature-captured SOAP envelopes to execute arbitrary service operations as if they were the intended user. To mitigate this issue, users are advised to upgrade to CoreWCF versions 1.8.1 or 1.9.1, which contain the necessary fixes.

Affected Version(s)

CoreWCF >= 1.9.0, < 1.9.1 < 1.9.0, 1.9.1

CoreWCF < 1.8.1 < 1.8.1

References

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.