Upgrade CoreWCF.Kafka to version 1.8.1, 1.9.1 or higher.
CoreWCF.Kafka is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core.
Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in KafkaTransportPump.OnConsumeMessage, part of the Kafka channel component. An attacker can halt message processing on an endpoint by publishing a Kafka tombstone record, that is, a record with Message.Value == null.
When OnConsumeMessage builds a ReadOnlySequence<byte> from the null value, it throws ArgumentNullException; the consume loop catches that exception, logs it as critical, and breaks out of the loop. A single tombstone from any topic publisher stops the pump from dispatching subsequent messages until the host is restarted, leaving the service unavailable.
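The failure mode described above, as an added C# model that is not CoreWCF source code: PumpModel, Records, Dispatch, FragileLoop and TolerantLoop are hypothetical names, the records are constructed in memory, and skipping the tombstone is one possible hardening, not necessarily what the fixed versions do.

```csharp
// Added illustration: a simplified model of a consume loop, not CoreWCF source.
using System;
using System.Buffers;
using System.Collections.Generic;

static class PumpModel
{
    // Constructed sample input: the second record is a tombstone (null value).
    static readonly byte[][] Records = { new byte[] { 1, 2, 3 }, null, new byte[] { 4, 5 } };

    // Hypothetical stand-in for handing a payload to the service dispatcher.
    static void Dispatch(ReadOnlySequence<byte> payload, List<long> dispatched)
        => dispatched.Add(payload.Length);

    // Behaviour described in the advisory: the exception ends the loop.
    public static List<long> FragileLoop()
    {
        var dispatched = new List<long>();
        foreach (byte[] value in Records)
        {
            // The byte[] constructor throws ArgumentNullException for a null array.
            try { Dispatch(new ReadOnlySequence<byte>(value), dispatched); }
            catch (Exception ex)
            {
                Console.Error.WriteLine($"critical: {ex.GetType().Name}");
                break; // the pump stops; later records are never dispatched
            }
        }
        return dispatched;
    }

    // Hardened form: a tombstone is an expected record, so check before building the sequence.
    public static List<long> TolerantLoop()
    {
        var dispatched = new List<long>();
        foreach (byte[] value in Records)
        {
            if (value is null) { Console.Error.WriteLine("skipping tombstone"); continue; }
            Dispatch(new ReadOnlySequence<byte>(value), dispatched);
        }
        return dispatched;
    }

    static void Main() =>
        Console.WriteLine($"fragile: {FragileLoop().Count} dispatched, tolerant: {TolerantLoop().Count} dispatched");
}
```

The fragile loop never reaches the record that follows the tombstone, which is the availability impact the advisory describes; a useful regression test for any consumer is a null-valued record followed by a valid one.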