Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-54781
Received
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-08 Jul, 2026 | 23:16
Updated At-09 Jul, 2026 | 16:16

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom confirmation method assertions to authenticate a subject without proving authority over the assertion. This issue is fixed in versions 1.8.1 and 1.9.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-287Secondarysecurity-advisories@github.com
CWE-345Secondarysecurity-advisories@github.com
CWE ID: CWE-287
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-345
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/CoreWCF/CoreWCF/commit/6a99df3242f54acd6f89edfd6050430b72d0c685security-advisories@github.com
N/A
https://github.com/CoreWCF/CoreWCF/commit/86dd3232b6b8aaf32281be9e8d798afad6145d58security-advisories@github.com
N/A
https://github.com/CoreWCF/CoreWCF/commit/9eb9b46d1c2af06fb71f656a02f4d5b4649c1f03security-advisories@github.com
N/A
https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1security-advisories@github.com
N/A
https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1security-advisories@github.com
N/A
https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-48pq-2xq3-c2m4security-advisories@github.com
N/A
Hyperlink: https://github.com/CoreWCF/CoreWCF/commit/6a99df3242f54acd6f89edfd6050430b72d0c685
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/CoreWCF/CoreWCF/commit/86dd3232b6b8aaf32281be9e8d798afad6145d58
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/CoreWCF/CoreWCF/commit/9eb9b46d1c2af06fb71f656a02f4d5b4649c1f03
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-48pq-2xq3-c2m4
Source: security-advisories@github.com
Resource: N/A
Change History
0Changes found

Details not found