PT-2026-51069 · Nuget · Corewcf.Netframingbase

Publicado

2026-06-19

·

Atualizado

2026-06-19

·

CVE-2026-54772

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact

An unauthenticated remote attacker can pin one server thread‑pool worker at 100 % CPU per connection. With a few connections, the CPU usage can be exhausted.

Preconditions

An attacker being able to reach a service which is exposing an endpoint using one of NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding.

Patches

Fixed in CoreWCF v1.8.1 and v1.9.1

Workarounds

None

Correção

Resource Exhaustion

Infinite Loop

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400CWE-835

Identificadores relacionados

CVE-2026-54772
GHSA-P86G-XRR2-PF7C

Produtos afetados

Corewcf.Netframingbase