Security Risk Category

unix-domain-sockets Security Risks

Published vulnerability pages connected to unix-domain-sockets. One risk can appear in multiple categories while keeping one canonical page.

unix-domain-sockets risks

Showing 3 of 3 published risks.

highEPSS 0.005

CoreWCF Net Framing Premature EOF CPU Denial of Service Vulnerability

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, an unauthenticated remote attacker that can reach a NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding endpoint can trigger premature EOF handling in the CoreWCF net.tcp, net.pipe, or net.uds framing handshake and pin one server thread-pool worker at full CPU per connection. This issue is fixed in versions 1.8.1 and 1.9.1.

CVE-2026-54772corewcfdotnetnugetwcf

Updated Jul 10, 2026

mediumEPSS 0.001

CoreWCF Unix Domain Socket PosixIdentity Security Upgrade Bypass Vulnerability

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching messages, bypassing framing-layer identity checks in UnixPosixIdentitySecurityUpgradeProvider. This issue is fixed in versions 1.8.1 and 1.9.1.

CVE-2026-54776corewcfdotnetnugetwcf

Updated Jul 10, 2026

mediumEPSS 0.001

CoreWCF Unix Domain Socket POSIX Identity Race Condition Vulnerability

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to another or crash the host process under contention. This issue is fixed in versions 1.8.1 and 1.9.1.

CVE-2026-54778corewcfdotnetnugetwcf

Updated Jul 10, 2026