CVE-2026-54783
CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages
Description
### Impact The attacker, with one captured signed SOAP envelope from a victim and no other privileges, can invoke arbitrary operations on the service as the victim principal for the lifetime of the captured signing key. There is no rate limit on replays. The DetectReplays setting on transport-security bindings does not mitigate the issue because the attack does not reuse the original timestamp — the fresh timestamp in the wsse:Security header is what the replay-detection logic inspects. ### Patches Fixed in CoreWCF v1.8.1 and v1.9.1 ### Workarounds Ensure communication is protected by SSL/TLS to prevent capturing of signed SOAP envelope.
How to fix CVE-2026-54783
To remediate CVE-2026-54783, upgrade the affected package to a fixed version below.
- —upgrade to 1.8.1 or later
Is CVE-2026-54783 being exploited?
No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2026-54783.
Affected packages (1)
- from 0, < 1.8.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.4 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |