CVE-2026-58015

EUVD-2026-40318
A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
redhatCNA
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
gnomeglib
𝑥
< 2.88.1
CNA
Debian logo
Debian Releases
Debian Product
Codename
glib2.0
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
2.88.2-1
fixed
sid
2.88.2-1
fixed
trixie
vulnerable