Path Traversal Vulnerability in GLib D-Bus Client Implementation
CVE-2026-58015
5.9 MEDIUM
Key Information:
- Vendor: Gnome
- CVE Published: 30 June 2026
What is CVE-2026-58015?
A vulnerability exists in the D-Bus client-side implementation of the SASL authentication mechanism within GLib. The flaw arises because the client does not validate the cookie_context parameter it receives from a potentially compromised D-Bus server. An attacker controlling such a server can place path traversal sequences in that parameter and trick the client into reading arbitrary files. Consequently, sensitive information could be leaked if the client verifies guessed contents against generated hashes. To mitigate the issue, users should run an updated version of GLib.
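The following added example (not GLib's code and not its fix) shows the kind of check the description says was missing: the server-supplied cookie context is validated before it is ever joined to a directory. It assumes the character rule the D-Bus specification gives for DBUS_COOKIE_SHA1 cookie contexts (non-empty ASCII without slash, backslash, space, newline, carriage return, tab or period); the function names and the keyring directory argument are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a GLib API. Returns 1 if ctx is acceptable as a
 * cookie context under the assumed D-Bus specification rule: non-empty,
 * ASCII only, and none of '/', '\\', ' ', '\n', '\r', '\t', '.'. */
int cookie_context_is_valid(const char *ctx)
{
    if (ctx == NULL || *ctx == '\0')
        return 0;
    for (const unsigned char *p = (const unsigned char *)ctx; *p; p++) {
        if (*p >= 0x80)                        /* not ASCII */
            return 0;
        if (strchr("/\\ \n\r\t.", *p) != NULL) /* separator, dot, whitespace */
            return 0;
    }
    return 1;
}

/* Writes "<keyring_dir>/<ctx>" into out only after ctx has been validated.
 * Returns 0 on success, -1 if ctx is rejected or the path does not fit. */
int build_keyring_path(const char *keyring_dir, const char *ctx,
                       char *out, size_t out_len)
{
    if (!cookie_context_is_valid(ctx))
        return -1;
    int n = snprintf(out, out_len, "%s/%s", keyring_dir, ctx);
    if (n < 0 || (size_t)n >= out_len)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample values standing in for server-supplied contexts. */
    const char *samples[] = { "org_freedesktop_general", "../../some/file",
                              "ctx/../other", "..", "a b", "" };
    char path[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = build_keyring_path("/home/user/.dbus-keyrings", samples[i],
                                    path, sizeof path);
        printf("%-26s -> %s\n", samples[i], rc == 0 ? path : "REJECTED");
    }
    return 0;
}
```

Rejecting the period outright, rather than only the sequence "..", also blocks single-component names such as ".." that contain no separator at all.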
Affected Version(s)
GLib 0 < 2.88.1
CVSS V3.1
- Score: 5.9
- Severity: MEDIUM
- Confidentiality: High
- Integrity: None
- Availability: High
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Thepwnisher for reporting this issue.