CoreWCF Unix Domain Socket POSIX Identity Race Condition Vulnerability
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to another or crash the host process under contention. This issue is fixed in versions 1.8.1 and 1.9.1.
Quick answer
CoreWCF Project CoreWCF should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.
Who is affected
Affected versions
- CoreWCF before 1.8.1
- CoreWCF 1.9.0 before 1.9.1
Fixed versions
- 1.8.1
- 1.9.1
How to fix it
CoreWCF Unix Domain Socket POSIX identity resolution before 1.8.1 and 1.9.1 can mix identities across concurrent connections or crash the host process. Update CoreWCF and restrict access to Unix socket endpoints.
- Inventory CoreWCF services using UnixDomainSocket transport and POSIX peer identity credentials.
- Upgrade CoreWCF packages to 1.8.1, 1.9.1, or later.
- Restrict Unix socket filesystem permissions to trusted service accounts only.
- Reduce concurrent untrusted access to affected socket endpoints until patching is complete.
- Review service logs for identity mismatches, unexpected user/group attribution, or crash events.
- Run CoreWCF services under dedicated least-privilege accounts.
- Restart affected services after patching to ensure vulnerable code is no longer loaded.
Scan now. Google sign-in is only needed to unlock fix guidance.
Verify the fix
- Confirm CoreWCF UnixDomainSocket packages are patched.
- Run concurrent connection tests and confirm identities do not bleed across requests.
- Verify socket file permissions allow only intended users or groups.
- Review crash and audit logs for identity resolution failures.
- Run a Fixnx scan and confirm no related management endpoints are publicly exposed.
Related categories
Trusted references
FAQ
What is affected by CVE-2026-54778?
CoreWCF Project CoreWCF versions listed as affected should be reviewed: CoreWCF before 1.8.1, CoreWCF 1.9.0 before 1.9.1.
What should I fix first?
Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.
How do I confirm the fix worked?
Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.
Why can this risk appear in multiple categories?
A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.
