HIGHVulnerability
Verified
Global

NVD HIGH: CVE-2026-58015 — A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKI...

·Source: NIST NVD

Updated:

Executive Summary

A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a

Analysis

A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash. CVSS Score: 5.9. Published: 2026-06-30T13:19:17.707.

Indicators of Compromise (1)

CVE (1)
CVE-2026-58015
Source Attribution

Originally published by NIST NVD on Jun 30, 2026. Verified by: NIST.

Related Threats