
GLib · EUVD-2026-40318

CVE-2026-58015 · HIGH · Path Traversal (CWE-22)
2026-06-30 · secalert@redhat.com · GHSA-hmpf-72wc-2r6x
CVSS 3.1 (NVD): 7.5

Severity by source

  • Vendor (redhat), primary: MEDIUM (qualitative)
  • NVD: 7.5 HIGH, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • vuln.today AI: 6.5 MEDIUM

Network-reachable via TCP D-Bus and low complexity, but the victim client must be induced to connect to the malicious server (UI:R); only confidentiality is impacted (C:H, I:N, A:N).

CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (redhat).

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None

Lifecycle Timeline

  • Jul 01, 2026 - 18:14 · vuln.today · Analysis Updated · v3 (cvss_changed)
  • Jul 01, 2026 - 18:14 · vuln.today · Analysis Updated · v2 (cvss_changed)
  • Jul 01, 2026 - 18:07 · vuln.today · Re-analysis Queued · cvss_changed
  • Jul 01, 2026 - 18:07 · NVD · Severity Changed · MEDIUM → HIGH
  • Jul 01, 2026 - 18:07 · NVD · CVSS changed · 5.9 (MEDIUM) → 7.5 (HIGH)
  • Jun 30, 2026 - 16:01 · EUVD · Patch available
  • Jun 30, 2026 - 13:36 · vuln.today · Analysis Generated

Description (NVD)

A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash.

Analysis (AI)

Arbitrary file disclosure in GLib's GDBus client affects the DBUS_COOKIE_SHA1 SASL authentication mechanism, where the client fails to validate the server-supplied cookie_context parameter. A malicious or compromised D-Bus server can send a cookie_context containing path traversal sequences, forcing the client to read attacker-chosen files and leak their contents by confirming guessed values against the returned authentication hash. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Lure GLib client to malicious D-Bus server
  • Delivery: Offer DBUS_COOKIE_SHA1 SASL mechanism
  • Exploit: Send cookie_context with '../' traversal
  • Execution: Client reads attacker-chosen file
  • Persist: Use hash responses as content oracle
  • Impact: Exfiltrate sensitive file data

Vulnerability Assessment (AI)

Exploitation: Exploitation requires that a GLib-based D-Bus client (GDBus, versions before 2.88.1) be induced to connect to an attacker-controlled or compromised D-Bus server and negotiate the DBUS_COOKIE_SHA1 SASL mechanism; this mechanism is used on non-EXTERNAL transports such as TCP, not on standard local Unix-socket buses that use EXTERNAL auth. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The signals are broadly consistent and point to a real but non-urgent issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker stands up a malicious D-Bus server (or compromises one) and induces a victim application built on GLib to connect and negotiate DBUS_COOKIE_SHA1 authentication. The server returns a cookie_context laced with '../' traversal sequences pointing at a sensitive file (for example a private key or credential file readable by the client process), then uses the client's authentication hash responses as an oracle to confirm guessed file contents byte-by-byte. …

Remediation: Vendor-released patch: upgrade GLib to 2.88.1 or later, which adds validation of the cookie_context parameter; on Red Hat Enterprise Linux 6-10, apply the distribution's updated glib2 package once published and track status via https://access.redhat.com/security/cve/CVE-2026-58015 and the upstream fix at https://gitlab.gnome.org/GNOME/glib/-/issues/3931. … Detailed patch versions, workarounds, and compensating controls in full report.
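The root cause described above is that a server-supplied string (cookie_context) is used as a file name under the client's keyring directory without being checked. The following C snippet is an added example written for this page, not GLib's actual fix: it shows the shape of check a client should apply before the context ever becomes a path. The allow-list (ASCII letters, digits, '_' and '-'), the 128-character bound, the function names and the sample inputs are all assumptions chosen for the example; the keyring directory name ~/.dbus-keyrings is the one the D-Bus specification uses.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Upper bound on an accepted context; a constructed limit for this example,
 * not a value taken from GLib. */
#define MAX_COOKIE_CONTEXT_LEN 128

/* Return 1 if the server-supplied DBUS_COOKIE_SHA1 cookie context is a safe
 * single path component, 0 otherwise.  The context is later joined onto the
 * keyring directory as a file name, so anything that could leave that
 * directory ("..", '/', '\\'), name a dotfile, or break the line-oriented SASL
 * exchange (whitespace, control characters) is rejected by the allow-list.
 * Editor's example; the exact rules are assumptions, not GLib's code. */
int cookie_context_is_safe(const char *ctx)
{
    size_t len;
    if (ctx == NULL)
        return 0;
    len = strlen(ctx);
    if (len == 0 || len > MAX_COOKIE_CONTEXT_LEN)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)ctx[i];
        /* Allow-list rather than a deny-list: every traversal trick is
         * excluded by construction instead of being enumerated. */
        if (!(isalnum(c) || c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

/* Build "<home>/.dbus-keyrings/<ctx>" into out.  Returns 0 on success and -1
 * if the context is unsafe or the buffer is too small, so an unsafe context
 * never turns into a path at all. */
int build_keyring_path(const char *home, const char *ctx,
                       char *out, size_t outlen)
{
    int n;
    if (!cookie_context_is_safe(ctx))
        return -1;
    n = snprintf(out, outlen, "%s/.dbus-keyrings/%s", home, ctx);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample contexts: the first is the kind of value a normal
     * server sends; the rest are shapes a hostile server might return. */
    const char *samples[] = {
        "org_freedesktop_general",
        "../../../some/other/file",
        "..",
        ".hidden",
        "ctx with space",
        "ctx\nAUTH",
    };
    char path[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = build_keyring_path("/home/user", samples[i],
                                    path, sizeof path);
        printf("%-28s -> %s\n", samples[i], rc == 0 ? path : "REJECTED");
    }
    return 0;
}
```

The point of routing every path construction through build_keyring_path is that the validation cannot be bypassed by a caller that forgets to check: the only way to obtain a keyring path is to pass a context that satisfies the allow-list.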

Recommended Action (AI)

Within 24 hours: Inventory systems running GLib/GDBus; identify those with D-Bus servers exposed to untrusted networks or services. …

