MEDIUM
CoreWCF
CVE published 2026-07-08
CVE-2026-54773
A vulnerability in CoreWCF, a port of the service side of Windows Communication Foundation (WCF) to .NET Core, allows an unauthenticated remote attacker to cause WSSecurityOneDotZeroReceiveSecurityHeader to verify an attacker-supplied signature instead of the security header signature. This issue is fixed in versions 1.8.1 and 1.9.1. The vulnerability affects users of CoreWCF versions prior to 1.8.1 and 1 [truncated]