CVE-2026-54783
CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages
Description

### Impact

The attacker, with one captured signed SOAP envelope from a victim and no other privileges, can invoke arbitrary operations on the service as the victim principal for the lifetime of the captured signing key. There is no rate limit on replays. The DetectReplays setting on transport-security bindings does not mitigate the issue because the attack does not reuse the original timestamp — the fresh timestamp in the wsse:Security header is what the replay-detection logic inspects.

### Patches

Fixed in CoreWCF v1.8.1 and v1.9.1.

### Workarounds

Ensure communication is protected by SSL/TLS to prevent capture of signed SOAP envelopes.
How to fix CVE-2026-54783
To fix CVE-2026-54783, upgrade the affected package to one of the patched versions listed below.
- — Upgrade to 1.8.1 or later
Is CVE-2026-54783 being exploited?
There are currently no exploitation signals. CVE-2026-54783 is neither listed in the CISA KEV catalog nor does it have a recent EPSS score.
Affected packages (1)
- from 0, < 1.8.1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.4 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |