CVE-2026-54783
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security
CVSS
7.4
High
EPSS
0.1%
p4
KEV
—
Exploit Today
1
0-100
Published: Jul 8, 2026 · Last modified: Jul 10, 2026 · CWE-294 · CWE-345 · CWE-347
0.1%EPSS · 30 days0.1%
2026-07-092026-07-16
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with one captured signed SOAP envelope to replay arbitrary service operations as the victim principal. This issue is fixed in versions 1.8.1 and 1.9.1.
- github.comhttps://github.com/CoreWCF/CoreWCF/commit/0589692d4b9a41d21b34ac48281e95f6df7f4ce5
- github.comhttps://github.com/CoreWCF/CoreWCF/commit/30aef805270976c42477e3f2a05f4e563d86e247
- github.comhttps://github.com/CoreWCF/CoreWCF/commit/4618f24165ad018ad3ed2636bf8c3bc87d2a3be2
- github.comhttps://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1
- github.comhttps://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1
- github.comhttps://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-gqv6-pwcg-87r8
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-4855810.0 CRI63.5%
KEV—69SimpleHelp Authentication Bypass Vulnerability17dCVE-2026-403729.1 CRI95.5%
——29Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.3dCVE-2026-290009.1 CRI92.4%
——28pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.3dCVE-2026-118569.8 CRI60.9%
——18Successfully using libcurl to do a transfer to a specific HTTP origin
(`hostA`) with **Digest** authentication and then changing the origin to a
different one (`hostB`) for a second transfer, reusing the same handle, makes
libcurl wrongly pass on the `Authorization:` header field meant for `hostA`,
to `hostB`.10dCVE-2020-273747.5 HIG51.9%
——16Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring.9dCVE-2026-33387.5 HIG51.8%
——16Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes.
Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.3d