Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-54776

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-08 Jul, 2026 | 22:04
Updated At-09 Jul, 2026 | 12:56
Rejected At-
Credits

CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching messages, bypassing framing-layer identity checks in UnixPosixIdentitySecurityUpgradeProvider. This issue is fixed in versions 1.8.1 and 1.9.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:08 Jul, 2026 | 22:04
Updated At:09 Jul, 2026 | 12:56
Rejected At:
▼CVE Numbering Authority (CNA)
CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching messages, bypassing framing-layer identity checks in UnixPosixIdentitySecurityUpgradeProvider. This issue is fixed in versions 1.8.1 and 1.9.1.

Affected Products
Vendor
CoreWCF
Product
CoreWCF
Versions
Affected
  • >= 1.9.0, < 1.9.1
  • < 1.8.1
Problem Types
TypeCWE IDDescription
CWECWE-306CWE-306: Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-306
Description: CWE-306: Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-wjpq-6766-7f5j
x_refsource_CONFIRM
https://github.com/CoreWCF/CoreWCF/commit/994431268e3362c0cd126450fe2a135c202551f3
x_refsource_MISC
https://github.com/CoreWCF/CoreWCF/commit/9af16955e51a57348dafce0019e259a092ef7440
x_refsource_MISC
https://github.com/CoreWCF/CoreWCF/commit/f2f1a05927a88b8a75fa0582fa8ed75eb891e463
x_refsource_MISC
https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1
x_refsource_MISC
https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1
x_refsource_MISC
Hyperlink: https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-wjpq-6766-7f5j
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/CoreWCF/CoreWCF/commit/994431268e3362c0cd126450fe2a135c202551f3
Resource:
x_refsource_MISC
Hyperlink: https://github.com/CoreWCF/CoreWCF/commit/9af16955e51a57348dafce0019e259a092ef7440
Resource:
x_refsource_MISC
Hyperlink: https://github.com/CoreWCF/CoreWCF/commit/f2f1a05927a88b8a75fa0582fa8ed75eb891e463
Resource:
x_refsource_MISC
Hyperlink: https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1
Resource:
x_refsource_MISC
Hyperlink: https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:08 Jul, 2026 | 23:16
Updated At:09 Jul, 2026 | 14:16

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching messages, bypassing framing-layer identity checks in UnixPosixIdentitySecurityUpgradeProvider. This issue is fixed in versions 1.8.1 and 1.9.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-306Secondarysecurity-advisories@github.com
CWE ID: CWE-306
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/CoreWCF/CoreWCF/commit/994431268e3362c0cd126450fe2a135c202551f3security-advisories@github.com
N/A
https://github.com/CoreWCF/CoreWCF/commit/9af16955e51a57348dafce0019e259a092ef7440security-advisories@github.com
N/A
https://github.com/CoreWCF/CoreWCF/commit/f2f1a05927a88b8a75fa0582fa8ed75eb891e463security-advisories@github.com
N/A
https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1security-advisories@github.com
N/A
https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1security-advisories@github.com
N/A
https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-wjpq-6766-7f5jsecurity-advisories@github.com
N/A
Hyperlink: https://github.com/CoreWCF/CoreWCF/commit/994431268e3362c0cd126450fe2a135c202551f3
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/CoreWCF/CoreWCF/commit/9af16955e51a57348dafce0019e259a092ef7440
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/CoreWCF/CoreWCF/commit/f2f1a05927a88b8a75fa0582fa8ed75eb891e463
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-wjpq-6766-7f5j
Source: security-advisories@github.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1Records found

CVE-2012-2736
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.43% / 34.71%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 19:53
Updated-06 Aug, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.

Action-Not Available
Vendor-network-managerCanonical Ltd.Debian GNU/LinuxopenSUSEThe GNOME Project
Product-opensusedebian_linuxnetworkmanagerubuntu_linuxnetwork-manager
CWE ID-CWE-306
Missing Authentication for Critical Function
Details not found