SOAP Security Vulnerability in CoreWCF Product by CoreWCF
CVE-2026-54783
7.4HIGH
What is CVE-2026-54783?
CoreWCF, a .NET Core implementation of Windows Communication Foundation, suffers from a vulnerability where the WS-Security signature verification does not guarantee that the selected signature is aligned with the expected security header target. This oversight could allow an attacker to replay signature-captured SOAP envelopes to execute arbitrary service operations as if they were the intended user. To mitigate this issue, users are advised to upgrade to CoreWCF versions 1.8.1 or 1.9.1, which contain the necessary fixes.
Affected Version(s)
CoreWCF >= 1.9.0, < 1.9.1 < 1.9.0, 1.9.1
CoreWCF < 1.8.1 < 1.8.1
