PT-2026-51069 · Nuget · Corewcf.Netframingbase

Published

2026-06-19

·

Updated

2026-06-19

·

CVE-2026-54772

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact

An unauthenticated remote attacker can pin one server thread‑pool worker at 100 % CPU per connection. With a few connections, the CPU usage can be exhausted.

Preconditions

An attacker being able to reach a service which is exposing an endpoint using one of NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding.

Patches

Fixed in CoreWCF v1.8.1 and v1.9.1

Workarounds

None

Fix

Resource Exhaustion

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-835

Related Identifiers

CVE-2026-54772
GHSA-P86G-XRR2-PF7C

Affected Products

Corewcf.Netframingbase