Security Risk Category

nuget Security Risks

Published vulnerability pages connected to nuget. One risk can appear in multiple categories while keeping one canonical page.

nuget risks

Showing 12 of 12 published risks.

highEPSS 0.005

CoreWCF Net Framing Premature EOF CPU Denial of Service Vulnerability

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, an unauthenticated remote attacker that can reach a NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding endpoint can trigger premature EOF handling in the CoreWCF net.tcp, net.pipe, or net.uds framing handshake and pin one server thread-pool worker at full CPU per connection. This issue is fixed in versions 1.8.1 and 1.9.1.

CVE-2026-54772corewcfdotnetnugetwcf

Updated Jul 10, 2026

mediumEPSS 0.002

CoreWCF WS-Security Document-Wide Signature Lookup Bypass Vulnerability

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and cause WSSecurityOneDotZeroReceiveSecurityHeader to verify an attacker-supplied signature instead of the security header signature. This issue is fixed in versions 1.8.1 and 1.9.1.

CVE-2026-54773corewcfdotnetnugetwcf

Updated Jul 10, 2026

highEPSS 0.002

CoreWCF SAML Non-X.509 Signature Verification Bypass Vulnerability

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509 SecurityToken key identifier and bypass assertion signature verification. This issue is fixed in versions 1.8.1 and 1.9.1.

CVE-2026-54774corewcfdotnetnugetwcf

Updated Jul 10, 2026

mediumEPSS 0.003

CoreWCF Kafka Transport Tombstone Record Denial of Service Vulnerability

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent endpoint denial of service for attackers with produce permission. This issue is fixed in versions 1.8.1 and 1.9.1.

CVE-2026-54775corewcfdotnetnugetwcf

Updated Jul 10, 2026

mediumEPSS 0.001

CoreWCF Unix Domain Socket PosixIdentity Security Upgrade Bypass Vulnerability

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching messages, bypassing framing-layer identity checks in UnixPosixIdentitySecurityUpgradeProvider. This issue is fixed in versions 1.8.1 and 1.9.1.

CVE-2026-54776corewcfdotnetnugetwcf

Updated Jul 10, 2026

mediumEPSS 0.001

CoreWCF Unix Domain Socket POSIX Identity Race Condition Vulnerability

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to another or crash the host process under contention. This issue is fixed in versions 1.8.1 and 1.9.1.

CVE-2026-54778corewcfdotnetnugetwcf

Updated Jul 10, 2026

mediumEPSS 0.003

CoreWCF SAML Token Replay Cache Bypass Vulnerability

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captured token to be reused. This issue is fixed in versions 1.8.1 and 1.9.1.

CVE-2026-54779corewcfdotnetnugetwcf

Updated Jul 10, 2026

lowEPSS 0.002

CoreWCF WS-Security Weak Digest Algorithm Acceptance Vulnerability

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference DigestMethod, allowing a sender to use a rejected digest algorithm such as SHA-1 while the message is still accepted. This issue is fixed in versions 1.8.1 and 1.9.1.

CVE-2026-54780corewcfdotnetnugetwcf

Updated Jul 10, 2026

highEPSS 0.002

CoreWCF SAML SubjectConfirmation Holder-of-Key Bypass Vulnerability

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom confirmation method assertions to authenticate a subject without proving authority over the assertion. This issue is fixed in versions 1.8.1 and 1.9.1.

CVE-2026-54781corewcfdotnetnugetwcf

Updated Jul 10, 2026

criticalEPSS 0.002

CoreWCF SAML Token Signature Validation Authentication Bypass Vulnerability

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1.

CVE-2026-54782corewcfdotnetnugetwcf

Updated Jul 10, 2026

highEPSS 0.001

CoreWCF WS-Security Signature Target Replay Vulnerability

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with one captured signed SOAP envelope to replay arbitrary service operations as the victim principal. This issue is fixed in versions 1.8.1 and 1.9.1.

CVE-2026-54783corewcfdotnetnugetwcf

Updated Jul 10, 2026

highEPSS 0.002

CoreWCF SPNEGO SecurityContextToken Proof Key Exposure Vulnerability

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session establishment are used, allowing an observer to impersonate the authenticated Windows principal and decrypt or forge WS-SecureConversation traffic. This issue is fixed in version 1.9.1.

CVE-2026-54784corewcfdotnetnugetspnego

Updated Jul 10, 2026