A vulnerability was found in CoreWCF up to 1.8.0/1.9.0. It has been declared as critical. The impacted element is the function
WSSecurityOneDotZeroReceiveSecurityHeader of the component WS-Security Handler. Such manipulation leads to improper verification of cryptographic signature.
This vulnerability is traded as CVE-2026-54773. The attack may be launched remotely. There is no exploit available.