A vulnerability was found in CoreWCF up to 1.8.0/1.9.0. It has been rated as critical. This affects the function TryAdd of the component SAML Token Replay Cache. Performing a manipulation results in authentication bypass by capture-replay.

This vulnerability is known as CVE-2026-54779. Remote exploitation of the attack is possible. No exploit is available.