Denial of Service in CoreWCF for .NET Core by CoreWCF
CVE-2026-54775
6.5MEDIUM
What is CVE-2026-54775?
CoreWCF, a .NET Core implementation of Windows Communication Foundation (WCF), is susceptible to a denial of service scenario. A listening service may halt new record processing on a Kafka topic when the KafkaTransportPump encounters a null-value tombstone record. This interruption allows attackers with produce permissions to cause a persistent denial of service. The issue has been resolved in versions 1.8.1 and 1.9.1, ensuring stable operation without the risk of such endpoint failures.
Affected Version(s)
CoreWCF >= 1.9.0, < 1.9.1 < 1.9.0, 1.9.1
CoreWCF < 1.8.1 < 1.8.1
