CoreWCF UnixDomainSocket CVE-2026-54778
MEDIUMSeverity by source
AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Unix Domain Socket limits attack vector to local; race condition requires precise timing (AC:H); socket access needs no credentials by default (PR:N); process crash drives A:H.
Primary rating from Vendor (https://github.com/CoreWCF/CoreWCF).
CVSS VectorVendor: https://github.com/CoreWCF/CoreWCF
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Lifecycle Timeline
2DescriptionCVE.org
Impact
Race condition in POSIX peer identity resolution may attribute one connection’s identity to another (getpwuid/getgrgid non-reentrant) and may crash the host process under contention.
Patches
Fixed in CoreWCF v1.8.1 and v1.9.1
Workarounds
Restrict UDS filesystem permissions so that only trusted local users can connect to the socket path. The race still exists but the attacker pool is constrained.
AnalysisAI
Race condition in CoreWCF.UnixDomainSocket peer identity resolution can cause one connection's POSIX identity to be misattributed to another connection, or crash the host process under contention. The root cause is the library's use of the non-reentrant POSIX functions getpwuid and getgrgid in concurrent connection handling paths, affecting all CoreWCF.UnixDomainSocket versions below 1.8.1 and 1.9.x versions below 1.9.1. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The target .NET service must be using the CoreWCF.UnixDomainSocket NuGet package at a vulnerable version (< 1.8.1 or 1.9.0 to < 1.9.1) and must be processing peer identity resolution for incoming UDS connections - meaning the application must be configured to use Unix Domain Socket transport with POSIX peer authentication enabled. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-assigned CVSS 6.2 score is consistent with the available data. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local user on the same host with read-write access to the UDS socket path opens a high volume of simultaneous connections to a CoreWCF service, racing concurrent invocations of `getpwuid`/`getgrgid` in the server's identity resolution code. Under sufficient contention, the attacker's connection receives the resolved UID/GID of a concurrently connecting higher-privileged process (identity confusion allowing privilege escalation within the application's authorization model), or the corrupted buffer state triggers an unhandled exception that crashes the .NET host process. … |
| Remediation | Upgrade CoreWCF.UnixDomainSocket to v1.8.1 (if on the 1.8.x branch) or v1.9.1 (if on the 1.9.x branch), as confirmed by the vendor GitHub Security Advisory at https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-q6v9-43v5-jv9q. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-362 – Race Condition
View allSame technique Race Condition
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-q6v9-43v5-jv9q