CVE-2026-54775 in CoreWCF
Zusammenfassung
von MITRE • 09.07.2026
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent endpoint denial of service for attackers with produce permission. This issue is fixed in versions 1.8.1 and 1.9.1.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.