CVE-2026-54778
MEDIUM
6.2
CVSS 3.1
Description
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to another or crash the host process under contention. This issue is fixed in versions 1.8.1 and 1.9.1.
Metadata
Severity & Metrics
6.2
MEDIUM CVSS 3.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| CoreWCF | CoreWCF | — | >= 1.9.0, < 1.9.1, < 1.8.1 |
Weakness (CWE)
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.2 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H |
References (6)
- https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-q6v9-43v5-jv9q https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-q6v9-43v5-jv9q
- https://github.com/CoreWCF/CoreWCF/commit/a3d95ea4627b818995e92c7def4c016164cacfce https://github.com/CoreWCF/CoreWCF/commit/a3d95ea4627b818995e92c7def4c016164cacfce
- https://github.com/CoreWCF/CoreWCF/commit/b0acb105589b455a095ea5ff49f5191e4eeff791 https://github.com/CoreWCF/CoreWCF/commit/b0acb105589b455a095ea5ff49f5191e4eeff791
- https://github.com/CoreWCF/CoreWCF/commit/b4867547c94bb088568935d581a55dda18a621e1 https://github.com/CoreWCF/CoreWCF/commit/b4867547c94bb088568935d581a55dda18a621e1
- https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1 https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1
- https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1 https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1