Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-54776
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-08 Jul, 2026 | 22:04
Updated At-09 Jul, 2026 | 12:56
Rejected At-
▼CVE Numbering Authority (CNA)
CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching messages, bypassing framing-layer identity checks in UnixPosixIdentitySecurityUpgradeProvider. This issue is fixed in versions 1.8.1 and 1.9.1.

Affected Products
Vendor
CoreWCF
Product
CoreWCF
Versions
Affected
  • >= 1.9.0, < 1.9.1
  • < 1.8.1
Problem Types
TypeCWE IDDescription
CWECWE-306CWE-306: Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-306
Description: CWE-306: Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-wjpq-6766-7f5j
x_refsource_CONFIRM
https://github.com/CoreWCF/CoreWCF/commit/994431268e3362c0cd126450fe2a135c202551f3
x_refsource_MISC
https://github.com/CoreWCF/CoreWCF/commit/9af16955e51a57348dafce0019e259a092ef7440
x_refsource_MISC
https://github.com/CoreWCF/CoreWCF/commit/f2f1a05927a88b8a75fa0582fa8ed75eb891e463
x_refsource_MISC
https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1
x_refsource_MISC
https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1
x_refsource_MISC
Hyperlink: https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-wjpq-6766-7f5j
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/CoreWCF/CoreWCF/commit/994431268e3362c0cd126450fe2a135c202551f3
Resource:
x_refsource_MISC
Hyperlink: https://github.com/CoreWCF/CoreWCF/commit/9af16955e51a57348dafce0019e259a092ef7440
Resource:
x_refsource_MISC
Hyperlink: https://github.com/CoreWCF/CoreWCF/commit/f2f1a05927a88b8a75fa0582fa8ed75eb891e463
Resource:
x_refsource_MISC
Hyperlink: https://github.com/CoreWCF/CoreWCF/releases/tag/v1.8.1
Resource:
x_refsource_MISC
Hyperlink: https://github.com/CoreWCF/CoreWCF/releases/tag/v1.9.1
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Details not found