mediumEPSS 0.003
CoreWCF Kafka Transport Tombstone Record Denial of Service Vulnerability
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent endpoint denial of service for attackers with produce permission. This issue is fixed in versions 1.8.1 and 1.9.1.
CVE-2026-54775corewcfdotnetnugetwcf
Updated Jul 10, 2026