UnixDomainSocket Vulnerability in CoreWCF by CoreWCF
CVE-2026-54778
6.2MEDIUM
What is CVE-2026-54778?
CoreWCF, a port of Windows Communication Foundation to .NET Core, has a vulnerability in its UnixDomainSocket implementation prior to versions 1.8.1 and 1.9.1. This flaw involves the use of non-reentrant 'getpwuid' and 'getgrgid' calls, which can lead to identity resolution issues. Specifically, concurrent connections may mistakenly attribute one connection's identity to another, resulting in potential crashes of the host process under contention. This critical bug has been resolved in the latest versions, ensuring improved stability and security.
Affected Version(s)
CoreWCF >= 1.9.0, < 1.9.1 < 1.9.0, 1.9.1
CoreWCF < 1.8.1 < 1.8.1
