Denial of Service in CoreWCF for .NET Core by CoreWCF
CVE-2026-54775

6.5MEDIUM

Key Information:

Vendor

Corewcf

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-54775?

CoreWCF, a .NET Core implementation of Windows Communication Foundation (WCF), is susceptible to a denial of service scenario. A listening service may halt new record processing on a Kafka topic when the KafkaTransportPump encounters a null-value tombstone record. This interruption allows attackers with produce permissions to cause a persistent denial of service. The issue has been resolved in versions 1.8.1 and 1.9.1, ensuring stable operation without the risk of such endpoint failures.

Affected Version(s)

CoreWCF >= 1.9.0, < 1.9.1 < 1.9.0, 1.9.1

CoreWCF < 1.8.1 < 1.8.1

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.