CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-54784

highCVSS 7.4covered by 1 sourcefirst seen 2026-07-08
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session establishment are used, allowing an observer to impersonate the authenticated Windows principal and decrypt or forge WS-SecureConversation traffic. This issue is fixed in version 1.9.1.

⚡ Watch CVE-2026-54784

Get an email if CVE-2026-54784 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-54784

CVE.org record

Embed the live status

CVE-2026-54784 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-54784 status](https://www.csirts.com/badge/CVE-2026-54784)](https://www.csirts.com/cve/CVE-2026-54784)