Skip to main content

CoreWCF UnixDomainSocket CVE-2026-54778

MEDIUM
Race Condition (CWE-362)
2026-06-19 https://github.com/CoreWCF/CoreWCF GHSA-q6v9-43v5-jv9q
6.2
CVSS 3.1 · Vendor: https://github.com/CoreWCF/CoreWCF
Share

Severity by source

Vendor (https://github.com/CoreWCF/CoreWCF) PRIMARY
6.2 MEDIUM
AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
vuln.today AI
6.2 MEDIUM

Unix Domain Socket limits attack vector to local; race condition requires precise timing (AC:H); socket access needs no credentials by default (PR:N); process crash drives A:H.

3.1 AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
4.0 AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (https://github.com/CoreWCF/CoreWCF).

CVSS VectorVendor: https://github.com/CoreWCF/CoreWCF

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
High

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 19, 2026 - 21:50 vuln.today
Analysis Generated
Jun 19, 2026 - 21:50 vuln.today

DescriptionCVE.org

Impact

Race condition in POSIX peer identity resolution may attribute one connection’s identity to another (getpwuid/getgrgid non-reentrant) and may crash the host process under contention.

Patches

Fixed in CoreWCF v1.8.1 and v1.9.1

Workarounds

Restrict UDS filesystem permissions so that only trusted local users can connect to the socket path. The race still exists but the attacker pool is constrained.

AnalysisAI

Race condition in CoreWCF.UnixDomainSocket peer identity resolution can cause one connection's POSIX identity to be misattributed to another connection, or crash the host process under contention. The root cause is the library's use of the non-reentrant POSIX functions getpwuid and getgrgid in concurrent connection handling paths, affecting all CoreWCF.UnixDomainSocket versions below 1.8.1 and 1.9.x versions below 1.9.1. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local host access
Delivery
Confirm UDS socket path is accessible
Exploit
Open high-concurrency simultaneous connections
Execution
Race non-reentrant getpwuid/getgrgid calls server-side
Impact
Obtain misattributed peer identity or crash host process

Vulnerability AssessmentAI

Exploitation The target .NET service must be using the CoreWCF.UnixDomainSocket NuGet package at a vulnerable version (< 1.8.1 or 1.9.0 to < 1.9.1) and must be processing peer identity resolution for incoming UDS connections - meaning the application must be configured to use Unix Domain Socket transport with POSIX peer authentication enabled. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-assigned CVSS 6.2 score is consistent with the available data. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user on the same host with read-write access to the UDS socket path opens a high volume of simultaneous connections to a CoreWCF service, racing concurrent invocations of `getpwuid`/`getgrgid` in the server's identity resolution code. Under sufficient contention, the attacker's connection receives the resolved UID/GID of a concurrently connecting higher-privileged process (identity confusion allowing privilege escalation within the application's authorization model), or the corrupted buffer state triggers an unhandled exception that crashes the .NET host process. …
Remediation Upgrade CoreWCF.UnixDomainSocket to v1.8.1 (if on the 1.8.x branch) or v1.9.1 (if on the 1.9.x branch), as confirmed by the vendor GitHub Security Advisory at https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-q6v9-43v5-jv9q. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-54778 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy