
AIKIDO-2026-10560

Microsoft.DurableTask.Worker is vulnerable to Denial of Service (DoS)

Denial of Service (DoS) Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Apr 27, 2026

65

Medium Risk

This Affects:

DOTNET Microsoft.DurableTask.Worker
1.0.0 - 1.23.3
Fixed in 1.24.0

TL;DR

The in-process and gRPC worker paths could hit race conditions around continue-as-new and history dispatch, causing orchestrations or sidecar work queues to stop making progress in ways that were hard to recover from. On the gRPC path, a failed write to the worker stream previously cleared the cached client stream even when a newer live stream had already replaced that reference, so the host could get stuck with no way to forward work. The client and worker runtimes now add explicit handling for hello deadlines, silent or half-closed gRPC conditions, and stream teardown, so the worker can classify disconnects, back off, and rebuild channels instead of stalling. The stream consumer also tags cancellation that comes from that path so that the reconnection code runs. Together, these are robustness fixes that keep orchestration and activity execution available under flaky networks.
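The stale-reference race described above for the gRPC path can be reproduced in miniature. The following is an added illustration, not code from Microsoft.DurableTask.Worker or from its patch: `WorkerStream`, `WorkDispatcher` and their members are hypothetical names, and the compare-and-clear shown is one common way to avoid this class of bug, assumed here rather than taken from the actual fix.

```csharp
#nullable enable
using System;
using System.Threading;

// Hypothetical stand-in for the worker's gRPC stream; not a DurableTask type.
sealed class WorkerStream
{
    public WorkerStream(int id, bool broken) { Id = id; Broken = broken; }
    public int Id { get; }
    public bool Broken { get; }
    public void Write(string item) { if (Broken) throw new InvalidOperationException($"stream {Id} is closed"); }
}

sealed class WorkDispatcher
{
    private WorkerStream? current; // cached stream used to forward work

    public WorkerStream? Current => Volatile.Read(ref current);
    public void OnWorkerConnected(WorkerStream s) => Volatile.Write(ref current, s);

    // Before: any failed write clears the cache, even one a reconnect just replaced.
    public void ClearOnFailure(WorkerStream failed) => Volatile.Write(ref current, null);

    // After: clear only if the cache still holds the stream that actually failed.
    public void ClearIfStillCurrent(WorkerStream failed) =>
        Interlocked.CompareExchange(ref current, null, failed);
}

static class Demo
{
    // Replays the interleaving in a fixed order: old write in flight, reconnect, then failure handling.
    static bool LiveStreamSurvives(Action<WorkDispatcher, WorkerStream> onWriteFailed)
    {
        var dispatcher = new WorkDispatcher();
        dispatcher.OnWorkerConnected(new WorkerStream(1, broken: true));
        WorkerStream captured = dispatcher.Current!;                      // writer holds stream 1
        dispatcher.OnWorkerConnected(new WorkerStream(2, broken: false)); // reconnect replaces it
        try { captured.Write("work-item"); }
        catch (InvalidOperationException) { onWriteFailed(dispatcher, captured); }
        return dispatcher.Current is { Id: 2 };                           // is the live stream still cached?
    }

    static void Main()
    {
        Console.WriteLine($"unconditional clear keeps live stream: {LiveStreamSurvives((d, s) => d.ClearOnFailure(s))}");
        Console.WriteLine($"compare-and-clear keeps live stream: {LiveStreamSurvives((d, s) => d.ClearIfStillCurrent(s))}");
    }
}
```

With the unconditional clear, the dispatcher ends up with no cached stream although the worker is connected, which is the stuck state the advisory describes; the compare-and-clear leaves the newer stream in place.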

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

Microsoft.DurableTask.Worker is vulnerable to Denial of Service (DoS) in versions 1.0.0 - 1.23.3.

How to fix this

Upgrade the Microsoft.DurableTask.Worker library to the patched version (1.24.0).