Corewcf
by CoreWCF
Source repositories
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-54782 | cri | 0.52 | — | — | Jun 19, 2026 | ### Impact Full impersonation of any principal the trusted STS could have issued an assertion for — including administrative principals when the relying party grants them via SAML claims. Affects both SAML 1.1 and SAML 2.0. #### Preconditions Relying-party service is hosted… | ||
| CVE-2026-54784 | hig | 0.38 | — | — | Jun 19, 2026 | ### Impact When the proof key recovered from the RSTR can be observed by a party that is not the legitimate client, that party can impersonate the authenticated Windows principal for the lifetime of the SCT (default ~10 hours) and decrypt or forge any subsequent… | ||
| CVE-2026-54783 | hig | 0.38 | — | — | Jun 19, 2026 | ### Impact The attacker, with one captured signed SOAP envelope from a victim and no other privileges, can invoke arbitrary operations on the service as the victim principal for the lifetime of the captured signing key. There is no rate limit on replays. The DetectReplays… | ||
| CVE-2026-54781 | hig | 0.38 | — | — | Jun 19, 2026 | ### Impact The relying application is given a ClaimsPrincipal for a subject whose authority over the assertion the sender never proved. There are two distinct exploit shapes: - Holder-of-key downgrade. An attacker who obtains a holder-of-key SAML assertion that was issued… | ||
| CVE-2026-54774 | hig | 0.38 | — | — | Jun 19, 2026 | ### Impact When a service is configured to validate SAML tokens using a method other than X.509 certificate signing, the final signature verification is skipped. #### Preconditions The service is configured to authenticate using SAML tokens and an out of band token resolver… | ||
| CVE-2026-54772 | hig | 0.38 | — | — | Jun 19, 2026 | ### Impact An unauthenticated remote attacker can pin one server thread‑pool worker at 100 % CPU per connection. With a few connections, the CPU usage can be exhausted. #### Preconditions An attacker being able to reach a service which is exposing an endpoint using one of… | ||
| CVE-2026-54780 | low | 0.00 | — | — | Jun 19, 2026 | ### Impact CoreWCF’s WS-Security 1.0 receive pipeline validates the `SignatureMethod` of an incoming `ds:SignedInfo` against the configured `SecurityAlgorithmSuite`, but does not validate the `DigestMethod` declared on each `ds:Reference`. As a result, a sender can populate… | ||
| CVE-2026-54779 | 0.00 | — | — | Jun 19, 2026 | ### Impact When enabling DetectReplayedTokens, a token can be replayed and will be detected despite it being reused. ### Patches Fixed in CoreWCF v1.8.1 and v1.9.1 ### Workarounds Provide your own implementation of `ITokenReplayCache` with the correct behavior. | |||
| CVE-2026-54778 | 0.00 | — | — | Jun 19, 2026 | ### Impact Race condition in POSIX peer identity resolution may attribute one connection’s identity to another (getpwuid/getgrgid non-reentrant) and may crash the host process under contention. ### Patches Fixed in CoreWCF v1.8.1 and v1.9.1 ### Workarounds Restrict UDS… | |||
| CVE-2026-54777 | 0.00 | — | — | Jun 19, 2026 | ### Impact CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic. NetNamedPipe creates a shared memory object based on the listening url, then generated a unique GUID for the named pipe it will be… | |||
| CVE-2026-54776 | 0.00 | — | — | Jun 19, 2026 | ### Impact A CoreWCF service hosted on Unix Domain Sockets with the PosixIdentity client credential type (UnixDomainSocketBinding with Security.Mode = TransportCredentialOnly and Security.Transport.ClientCredentialType = PosixIdentity) does not require the client to perform the… | |||
| CVE-2026-54775 | 0.00 | — | — | Jun 19, 2026 | ### Impact A CoreWCF service is running and listening on a Kafka topic receiving a null-value record will stop processing new records from that topic. #### Preconditions The attacker has produce/write permission on a topic that CoreWCF is consuming from. If the broker permits… | |||
| CVE-2026-54773 | 0.00 | — | — | Jun 19, 2026 | ### Impact An unauthenticated remote attacker who can place a SOAP header lexically before `wsse:Security` can embed a `ds:Signature` of their choosing inside that header and cause the server to verify the attacker-supplied signature instead of the one carried in the security… | |||
| CVE-2024-28252 | 0.00 | — | 0.01 | Mar 15, 2024 | CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. If you have a NetFraming based CoreWCF service, extra system resources could be consumed by connections being left established instead of closing or aborting them. There are two… |
- risk 0.52cvss —epss —
### Impact Full impersonation of any principal the trusted STS could have issued an assertion for — including administrative principals when the relying party grants them via SAML claims. Affects both SAML 1.1 and SAML 2.0. #### Preconditions Relying-party service is hosted…
- risk 0.38cvss —epss —
### Impact When the proof key recovered from the RSTR can be observed by a party that is not the legitimate client, that party can impersonate the authenticated Windows principal for the lifetime of the SCT (default ~10 hours) and decrypt or forge any subsequent…
- risk 0.38cvss —epss —
### Impact The attacker, with one captured signed SOAP envelope from a victim and no other privileges, can invoke arbitrary operations on the service as the victim principal for the lifetime of the captured signing key. There is no rate limit on replays. The DetectReplays…
- risk 0.38cvss —epss —
### Impact The relying application is given a ClaimsPrincipal for a subject whose authority over the assertion the sender never proved. There are two distinct exploit shapes: - Holder-of-key downgrade. An attacker who obtains a holder-of-key SAML assertion that was issued…
- risk 0.38cvss —epss —
### Impact When a service is configured to validate SAML tokens using a method other than X.509 certificate signing, the final signature verification is skipped. #### Preconditions The service is configured to authenticate using SAML tokens and an out of band token resolver…
- risk 0.38cvss —epss —
### Impact An unauthenticated remote attacker can pin one server thread‑pool worker at 100 % CPU per connection. With a few connections, the CPU usage can be exhausted. #### Preconditions An attacker being able to reach a service which is exposing an endpoint using one of…
- risk 0.00cvss —epss —
### Impact CoreWCF’s WS-Security 1.0 receive pipeline validates the `SignatureMethod` of an incoming `ds:SignedInfo` against the configured `SecurityAlgorithmSuite`, but does not validate the `DigestMethod` declared on each `ds:Reference`. As a result, a sender can populate…
- CVE-2026-54779Jun 19, 2026risk 0.00cvss —epss —
### Impact When enabling DetectReplayedTokens, a token can be replayed and will be detected despite it being reused. ### Patches Fixed in CoreWCF v1.8.1 and v1.9.1 ### Workarounds Provide your own implementation of `ITokenReplayCache` with the correct behavior.
- CVE-2026-54778Jun 19, 2026risk 0.00cvss —epss —
### Impact Race condition in POSIX peer identity resolution may attribute one connection’s identity to another (getpwuid/getgrgid non-reentrant) and may crash the host process under contention. ### Patches Fixed in CoreWCF v1.8.1 and v1.9.1 ### Workarounds Restrict UDS…
- CVE-2026-54777Jun 19, 2026risk 0.00cvss —epss —
### Impact CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic. NetNamedPipe creates a shared memory object based on the listening url, then generated a unique GUID for the named pipe it will be…
- CVE-2026-54776Jun 19, 2026risk 0.00cvss —epss —
### Impact A CoreWCF service hosted on Unix Domain Sockets with the PosixIdentity client credential type (UnixDomainSocketBinding with Security.Mode = TransportCredentialOnly and Security.Transport.ClientCredentialType = PosixIdentity) does not require the client to perform the…
- CVE-2026-54775Jun 19, 2026risk 0.00cvss —epss —
### Impact A CoreWCF service is running and listening on a Kafka topic receiving a null-value record will stop processing new records from that topic. #### Preconditions The attacker has produce/write permission on a topic that CoreWCF is consuming from. If the broker permits…
- CVE-2026-54773Jun 19, 2026risk 0.00cvss —epss —
### Impact An unauthenticated remote attacker who can place a SOAP header lexically before `wsse:Security` can embed a `ds:Signature` of their choosing inside that header and cause the server to verify the attacker-supplied signature instead of the one carried in the security…
- CVE-2024-28252Mar 15, 2024risk 0.00cvss —epss 0.01
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. If you have a NetFraming based CoreWCF service, extra system resources could be consumed by connections being left established instead of closing or aborting them. There are two…