GHSA-gqv6-pwcg-87r8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-gqv6-pwcg-87r8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-gqv6-pwcg-87r8/GHSA-gqv6-pwcg-87r8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-gqv6-pwcg-87r8
- Aliases
-
- CVE-2026-54783
- Published
- 2026-06-19T20:47:14Z
- Modified
- 2026-06-19T21:00:18.978046078Z
- Severity
-
- 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages
- Details
-
Impact
The attacker, with one captured signed SOAP envelope from a victim and no other privileges, can invoke arbitrary operations on the service as the victim principal for the lifetime of the captured signing key. There is no rate limit on replays. The DetectReplays setting on transport-security bindings does not mitigate the issue because the attack does not reuse the original timestamp — the fresh timestamp in the wsse:Security header is what the replay-detection logic inspects.
Patches
Fixed in CoreWCF v1.8.1 and v1.9.1
Workarounds
Ensure communication is protected by SSL/TLS to prevent capturing of signed SOAP envelope.
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2026-06-19T20:47:14Z", "nvd_published_at": null, "severity": "HIGH", "cwe_ids": [ "CWE-294", "CWE-345", "CWE-347" ] }- References
Affected packages
NuGet / CoreWCF.Primitives
Package
- Name
- CoreWCF.Primitives
- View open source insights on deps.dev
- Purl
- pkg:nuget/CoreWCF.Primitives
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.1
NuGet / CoreWCF.Primitives
Package
- Name
- CoreWCF.Primitives
- View open source insights on deps.dev
- Purl
- pkg:nuget/CoreWCF.Primitives