← Back to CVE List
CVE-2026-54782NVD
Vulnerability Summary
### Impact
Full impersonation of any principal the trusted STS could have issued an assertion for — including administrative principals when the relying party grants them via SAML claims. Affects both SAML 1.1 and SAML 2.0.
#### Preconditions
Relying-party service is hosted with WSFederationHttpBinding or WS2007FederationHttpBinding (or any binding that triggers FederatedSecurityTokenManager for issued-token validation), and IdentityConfiguration is wired (UseIdentityConfiguration = true).
Attacker can reach the service over the network and knows the trusted STS’s public certificate (public certs are by design discoverable).
### Patches
Fixed in CoreWCF v1.8.1 and v1.9.1
### Workarounds
None
Full impersonation of any principal the trusted STS could have issued an assertion for — including administrative principals when the relying party grants them via SAML claims. Affects both SAML 1.1 and SAML 2.0.
#### Preconditions
Relying-party service is hosted with WSFederationHttpBinding or WS2007FederationHttpBinding (or any binding that triggers FederatedSecurityTokenManager for issued-token validation), and IdentityConfiguration is wired (UseIdentityConfiguration = true).
Attacker can reach the service over the network and knows the trusted STS’s public certificate (public certs are by design discoverable).
### Patches
Fixed in CoreWCF v1.8.1 and v1.9.1
### Workarounds
None
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeChanged
ConfidentialityHigh
IntegrityHigh
AvailabilityNone