GHSA-9jr3-rj99-8jq3MediumCVSS 5.9

CoreWCF: SAML token replay protection is inoperative

Published
June 19, 2026
Last Modified
June 19, 2026

🔗 CVE IDs covered (1)

📋 Description

Impact

When enabling DetectReplayedTokens, a token can be replayed and will be detected despite it being reused.

Patches

Fixed in CoreWCF v1.8.1 and v1.9.1

Workarounds

Provide your own implementation of ITokenReplayCache with the correct behavior.

🎯 Affected products2

  • nuget/CoreWCF.Primitives:< 1.8.1
  • nuget/CoreWCF.Primitives:>= 1.9.0, < 1.9.1

🔗 References (2)