UnixDomainSocket Vulnerability in CoreWCF by CoreWCF
CVE-2026-54778

6.2MEDIUM

Key Information:

Vendor

Corewcf

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-54778?

CoreWCF, a port of Windows Communication Foundation to .NET Core, has a vulnerability in its UnixDomainSocket implementation prior to versions 1.8.1 and 1.9.1. This flaw involves the use of non-reentrant 'getpwuid' and 'getgrgid' calls, which can lead to identity resolution issues. Specifically, concurrent connections may mistakenly attribute one connection's identity to another, resulting in potential crashes of the host process under contention. This critical bug has been resolved in the latest versions, ensuring improved stability and security.

Affected Version(s)

CoreWCF >= 1.9.0, < 1.9.1 < 1.9.0, 1.9.1

CoreWCF < 1.8.1 < 1.8.1

References

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.