CVE-2026-58015
MediumCVSS 5.9Exploitation Probability (EPSS)
Low risk34th percentile — higher than 34% of all known CVEs
Summary
A flaw was found in GLib's D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism. The cookie_context parameter received from the server is not validated, allowing a malicious D-Bus server to supply path traversal sequences. This enables the client to read arbitrary files and exfiltrate sensitive data by verifying guessed file contents against a generated hash.
Risk Assessment
The organization is at risk of sensitive data exfiltration, including passwords, keys, or configurations, via a remote attack from a malicious D-Bus server. The vulnerability allows unauthorized reading of any file on the client system.
Recommendation
Immediately update the GLib library to a version that fixes the validation of the cookie_context parameter. If an update is unavailable, restrict trusted D-Bus connections to verified servers only.
Original NVD description (English source)
A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash.

