VYPR

Corewcf

by CoreWCF

Source repositories

CVEs (14)

  • CVE-2026-54782criJun 19, 2026
    risk 0.52cvss epss 0.00

    ### Impact Full impersonation of any principal the trusted STS could have issued an assertion for — including administrative principals when the relying party grants them via SAML claims. Affects both SAML 1.1 and SAML 2.0. #### Preconditions Relying-party service is hosted…

  • CVE-2024-28252HigMar 15, 2024
    risk 0.49cvss 7.5epss 0.01

    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. If you have a NetFraming based CoreWCF service, extra system resources could be consumed by connections being left established instead of closing or aborting them. There are two…

  • CVE-2026-54784higJun 19, 2026
    risk 0.38cvss epss 0.00

    ### Impact When the proof key recovered from the RSTR can be observed by a party that is not the legitimate client, that party can impersonate the authenticated Windows principal for the lifetime of the SCT (default ~10 hours) and decrypt or forge any subsequent…

  • CVE-2026-54783higJun 19, 2026
    risk 0.38cvss epss 0.00

    ### Impact The attacker, with one captured signed SOAP envelope from a victim and no other privileges, can invoke arbitrary operations on the service as the victim principal for the lifetime of the captured signing key. There is no rate limit on replays. The DetectReplays…

  • CVE-2026-54781higJun 19, 2026
    risk 0.38cvss epss 0.00

    ### Impact The relying application is given a ClaimsPrincipal for a subject whose authority over the assertion the sender never proved. There are two distinct exploit shapes: - Holder-of-key downgrade. An attacker who obtains a holder-of-key SAML assertion that was issued…

  • CVE-2026-54774higJun 19, 2026
    risk 0.38cvss epss 0.00

    ### Impact When a service is configured to validate SAML tokens using a method other than X.509 certificate signing, the final signature verification is skipped. #### Preconditions The service is configured to authenticate using SAML tokens and an out of band token resolver…

  • CVE-2026-54772higJun 19, 2026
    risk 0.38cvss epss 0.00

    ### Impact An unauthenticated remote attacker can pin one server thread‑pool worker at 100 % CPU per connection. With a few connections, the CPU usage can be exhausted. #### Preconditions An attacker being able to reach a service which is exposing an endpoint using one of…

  • CVE-2026-54780lowJun 19, 2026
    risk 0.00cvss epss 0.00

    ### Impact CoreWCF’s WS-Security 1.0 receive pipeline validates the `SignatureMethod` of an incoming `ds:SignedInfo` against the configured `SecurityAlgorithmSuite`, but does not validate the `DigestMethod` declared on each `ds:Reference`. As a result, a sender can populate…

  • CVE-2026-54779Jun 19, 2026
    risk 0.00cvss epss 0.00

    ### Impact When enabling DetectReplayedTokens, a token can be replayed and will be detected despite it being reused. ### Patches Fixed in CoreWCF v1.8.1 and v1.9.1 ### Workarounds Provide your own implementation of `ITokenReplayCache` with the correct behavior.

  • CVE-2026-54778Jun 19, 2026
    risk 0.00cvss epss 0.00

    ### Impact Race condition in POSIX peer identity resolution may attribute one connection’s identity to another (getpwuid/getgrgid non-reentrant) and may crash the host process under contention. ### Patches Fixed in CoreWCF v1.8.1 and v1.9.1 ### Workarounds Restrict UDS…

  • CVE-2026-54777Jun 19, 2026
    risk 0.00cvss epss 0.00

    ### Impact CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic. NetNamedPipe creates a shared memory object based on the listening url, then generated a unique GUID for the named pipe it will be…

  • CVE-2026-54776Jun 19, 2026
    risk 0.00cvss epss 0.00

    ### Impact A CoreWCF service hosted on Unix Domain Sockets with the PosixIdentity client credential type (UnixDomainSocketBinding with Security.Mode = TransportCredentialOnly and Security.Transport.ClientCredentialType = PosixIdentity) does not require the client to perform the…

  • CVE-2026-54775Jun 19, 2026
    risk 0.00cvss epss 0.00

    ### Impact A CoreWCF service is running and listening on a Kafka topic receiving a null-value record will stop processing new records from that topic. #### Preconditions The attacker has produce/write permission on a topic that CoreWCF is consuming from. If the broker permits…

  • CVE-2026-54773Jun 19, 2026
    risk 0.00cvss epss 0.00

    ### Impact An unauthenticated remote attacker who can place a SOAP header lexically before `wsse:Security` can embed a `ds:Signature` of their choosing inside that header and cause the server to verify the attacker-supplied signature instead of the one carried in the security…