CVE-2026-54772
Received Received - Intake

Premature EOF Handling in CoreWCF NetTcpBinding

Vulnerability report for CVE-2026-54772, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: GitHub, Inc.

Description

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, an unauthenticated remote attacker that can reach a NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding endpoint can trigger premature EOF handling in the CoreWCF net.tcp, net.pipe, or net.uds framing handshake and pin one server thread-pool worker at full CPU per connection. This issue is fixed in versions 1.8.1 and 1.9.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
corewcf corewcf to 1.9.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-835 The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in CoreWCF, a port of the Windows Communication Foundation service to .NET Core. Before versions 1.8.1 and 1.9.1, an unauthenticated remote attacker who can access certain CoreWCF endpoints (NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding) can cause premature EOF (End Of File) handling during the framing handshake process. This triggers a condition where one server thread-pool worker is pinned at full CPU usage per connection.

Impact Analysis

The impact of this vulnerability is a denial-of-service (DoS) condition. An attacker can cause one server thread-pool worker to be fully consumed at 100% CPU usage for each connection they establish, potentially exhausting server resources and degrading or disrupting service availability.

Mitigation Strategies

To mitigate this vulnerability, upgrade CoreWCF to version 1.8.1 or 1.9.1 where the issue is fixed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54772. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart