GHSA-wjpq-6766-7f5jMediumCVSS 4.4

CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade

Published
June 19, 2026
Last Modified
June 19, 2026

🔗 CVE IDs covered (1)

📋 Description

Impact

A CoreWCF service hosted on Unix Domain Sockets with the PosixIdentity client credential type (UnixDomainSocketBinding with Security.Mode = TransportCredentialOnly and Security.Transport.ClientCredentialType = PosixIdentity) does not require the client to perform the application/unixposix stream upgrade before dispatching messages.

Patches

Fixed in CoreWCF v1.8.1 and v1.9.1

Workarounds

Restrict filesystem access to the UDS socket file using owner/group/mode (e.g. chmod 0660 plus a dedicated group) so that only the POSIX users who are already authorized to invoke the service can connect at all. This makes the missing-upgrade behaviour equivalent to the operating system’s filesystem permissions instead of relying on framing-layer identity checks. Avoid relying on ServiceSecurityContext.PrimaryIdentity for authorization decisions, or back it up with an authentication-required authorization policy that rejects anonymous principals.

🎯 Affected products2

  • nuget/CoreWCF.UnixDomainSocket:< 1.8.1
  • nuget/CoreWCF.UnixDomainSocket:>= 1.9.0, < 1.9.1

🔗 References (2)