CVE-2026-54784

Source
https://cve.org/CVERecord?id=CVE-2026-54784
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-54784.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-54784
Aliases
Published
2026-07-08T22:18:13.846Z
Modified
2026-07-11T03:53:38.466237212Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality
Details

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session establishment are used, allowing an observer to impersonate the authenticated Windows principal and decrypt or forge WS-SecureConversation traffic. This issue is fixed in version 1.9.1.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/54xxx/CVE-2026-54784.json",
    "cwe_ids": [
        "CWE-311",
        "CWE-523"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/corewcf/corewcf

Affected ranges

Type
GIT
Repo
https://github.com/corewcf/corewcf
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "1.9.0"
        },
        {
            "fixed": "1.9.1"
        }
    ]
}

Affected versions

v1.*
v1.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-54784.json"