CVE-2026-54782
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and
CVSS
10.0
Critical
EPSS
0.2%
p16
KEV
—
Exploit Today
5
0-100
Published: Jul 8, 2026 · Last modified: Jul 10, 2026 · CWE-290 · CWE-347
0.2%EPSS · 30 days0.2%
2026-07-092026-07-19
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1.
- github.comhttps://github.com/CoreWCF/CoreWCF/commit/0b8c8af851260e85e8402af53233d1b8f87dfb6f
- github.comhttps://github.com/CoreWCF/CoreWCF/commit/0e63c2cca55763d8be6b226a234579280a09e7b6
- github.comhttps://github.com/CoreWCF/CoreWCF/commit/e5cc9b6a4ecc102a50d782093bfc72e0790abe3d
- github.comhttps://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1
- github.comhttps://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1
- github.comhttps://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-xjr9-gg9q-jx3v
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-4855810.0 CRI63.6%
KEV—69SimpleHelp Authentication Bypass Vulnerability19dCVE-2026-403729.1 CRI95.5%
——29Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.5dCVE-2018-53539.8 CRI95.4%
——29The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required11dCVE-2026-290009.1 CRI92.4%
——28pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.5dCVE-2020-288567.5 HIG82.3%
——25OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls.11dCVE-2018-53548.8 HIG76.5%
——23The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, it does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP.11d