CoreWCF Vulnerability in Unix Domain Sockets
CVE-2026-54776
4.4MEDIUM
What is CVE-2026-54776?
A vulnerability in CoreWCF allows a service hosted on Unix Domain Sockets with PosixIdentity client credentials to accept connections that skip essential application/unixposix stream upgrades. This oversight leads to bypassing critical framing-layer identity checks within the UnixPosixIdentitySecurityUpgradeProvider. Following the identification of this issue, versions 1.8.1 and 1.9.1 of CoreWCF were released to mitigate this risk, ensuring more secure connection handling.
Affected Version(s)
CoreWCF >= 1.9.0, < 1.9.1 < 1.9.0, 1.9.1
CoreWCF < 1.8.1 < 1.8.1
