CoreWCF.Primitives
NuGet8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting CoreWCF.Primitivespage 1 of 1
- CVE-2026-54773MEDIUMCVSS 5.9EG 5.9✓ Fixed in 1.9.12026-06-19
vulnerable: 1.9.0
CoreWCF: WS-Security signature substitution via document-wide Signature lookup ### Impact An unauthenticated remote attacker who can place a SOAP header lexically before `wsse:Security` can embed a `ds:Signature` of their choosing inside …
- CVE-2026-54774HIGHCVSS 7.4EG 7.4✓ Fixed in 1.9.12026-06-19
vulnerable: 1.9.0
CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate ### Impact When a service is configured to validate SAML tokens using a method other than X.509 certificate signing, the final s…
- CVE-2026-54779MEDIUMCVSS 5.9EG 5.9✓ Fixed in 1.9.12026-06-19
vulnerable: 1.9.0
CoreWCF: SAML token replay protection is inoperative ### Impact When enabling DetectReplayedTokens, a token can be replayed and will be detected despite it being reused. ### Patches Fixed in CoreWCF v1.8.1 and v1.9.1 ### Workarounds Pro…
- CVE-2026-54780LOWCVSS 3.7EG 3.7✓ Fixed in 1.9.12026-06-19
vulnerable: 1.9.0
CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass ### Impact CoreWCF’s WS-Security 1.0 receive pipeline validates the `SignatureMethod` of an incoming `ds:SignedInfo` against the configured `SecurityAlgorithmSuite`, but…
- CVE-2026-54781HIGHCVSS 7.4EG 7.4✓ Fixed in 1.9.12026-06-19
vulnerable: 1.9.0
CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced ### Impact The relying application is given a ClaimsPrincipal for a subject whose authority over the assertion the sender never proved. There are two …
- CVE-2026-54782CRITICALCVSS 10.0EG 10.0✓ Fixed in 1.9.12026-06-19
vulnerable: 1.9.0
CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation ### Impact Full impersonation of any principal the trusted STS could have issued an assertion for — including administrative principals when the relying…
- CVE-2026-54783HIGHCVSS 7.4EG 7.4✓ Fixed in 1.9.12026-06-19
vulnerable: 1.9.0
CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages ### Impact The attacker, with one captured signed SOAP envelope from a victim and no other privileges, ca…
- CVE-2026-54784HIGHCVSS 7.4EG 7.4✓ Fixed in 1.9.12026-06-19
vulnerable: 1.9.0
CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality ### Impact When the proof key recovered from the RSTR can be observed by a party that is not the legitimate client, that party can impersonate the authenticate…
Check whether CoreWCF.Primitives is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for CoreWCF.Primitives CVEs against the assets you own.
Start Free Scan →