PatchSiren

CoreWCF CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM CoreWCF CVE published 2026-07-08

CVE-2026-54773

A vulnerability in CoreWCF, a port of the service side of Windows Communication Foundation (WCF) to .NET Core, allows an unauthenticated remote attacker to cause WSSecurityOneDotZeroReceiveSecurityHeader to verify an attacker-supplied signature instead of the security header signature. This issue is fixed in versions 1.8.1 and 1.9.1. The vulnerability affects users of CoreWCF versions prior to 1.8.1 and 1 [truncated]