CVE-2026-39959

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.1 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H                                    

Vulnerability Description

Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sending messages with an excessive number of Unix file descriptors, and crash the application by sending malformed message bodies that cause unhandled exceptions on the SynchronizationContext. This vulnerability is fixed in Tmds.DBus 0.92.0 and Tmds.DBus.Protocol 0.92.0 and 0.21.3.

Vulnerability Details

Published Date

April 08, 2026

Last Modified

April 13, 2026

CWE ID

CWE-290

Source

GitHub

Vendor

nuget

Product

Tmds.DBus

External References

https://github.com/tmds/Tmds.DBus/security/advisories/GHSA-xrw6-gwf8-vvr9
https://github.com/tmds/Tmds.DBus/releases/tag/rel%2F0.21.3
https://github.com/tmds/Tmds.DBus/releases/tag/rel%2F0.92.0
https://github.com/advisories/GHSA-xrw6-gwf8-vvr9

CVE-2026-39959

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment