CVE-2026-54782
CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation
描述
### Impact Full impersonation of any principal the trusted STS could have issued an assertion for — including administrative principals when the relying party grants them via SAML claims. Affects both SAML 1.1 and SAML 2.0. #### Preconditions Relying-party service is hosted with WSFederationHttpBinding or WS2007FederationHttpBinding (or any binding that triggers FederatedSecurityTokenManager for issued-token validation), and IdentityConfiguration is wired (UseIdentityConfiguration = true). Attacker can reach the service over the network and knows the trusted STS’s public certificate (public certs are by design discoverable). ### Patches Fixed in CoreWCF v1.8.1 and v1.9.1 ### Workarounds None
如何修補 CVE-2026-54782
要修補 CVE-2026-54782,請將受影響套件升級到下列已修補版本。
- —升級至 1.8.1 或更新版本
CVE-2026-54782 正在被利用嗎?
目前沒有被利用訊號。CVE-2026-54782 既不在 CISA KEV 也沒有最新的 EPSS 分數。
受影響套件(1)
- from 0, < 1.8.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL10.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N |