Back to CVE List

CVE-2026-58015

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
5.9 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Description

A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash.

Vulnerability Details

Published Date
Last Modified
Source
NVD
Vendor
GNOME, Red Hat
Product
GLib, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images

External References

Discussion (0)

Add Comment

No comments yet. Be the first!