Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3858 articles · 169563 vulns · 37/41 feeds (7d)
← Back to list
6.5
CVE-2026-58011EXPLOITEDPATCHED
the gnome project · glib

Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime

Description

A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corrupt the date output and potentially cause logic errors that may lead to a denial of service.

Affected Products

VendorProductVersions
the gnome projectglib0, 0

References

  • https://access.redhat.com/security/cve/CVE-2026-58011(vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2492245(issue-tracking, x_refsource_REDHAT)
  • https://gitlab.gnome.org/GNOME/glib/-/issues/3917

Related News (2 articles)

Tier A
Microsoft MSRC3h ago
CVE-2026-58011 Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime
→ No new info (linked only)
Tier C
VulDB19h ago
CVE-2026-58011 | GNOME GLib prior 2.86.5/2.88.1 glib/gdatetime.c g_date_time_get_ymd out-of-bounds (ID 3917)
→ No new info (linked only)
CVSS 3.16.5 CRITICAL
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
2.86.52.88.1
CWECWE-125
PublishedJun 30, 2026
Last enriched19h agov2
Tags
CVE-2026-58011
Trending Score78
Source articles2
Independent2
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-58012EXP
Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()
Trending: 70
HIGHCVE-2026-58016EXP
Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"
Trending: 67
CRITICALCVE-2026-58015EXP
Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive
Trending: 60
NONECVE-2026-6324EXP
Libsoup: libsoup: http request smuggling via unsigned to signed conversion error
Trending: 1
NONECVE-2018-25305EXP
librsvg2-bin 2.40.13 Buffer Overflow via Malformed SVG

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jun 30, 2026
Discovered by ZDM
Jun 30, 2026
Actively Exploited
Jun 30, 2026
Patch Available
Jun 30, 2026
Updated: severity, activelyExploited, tags
Jun 30, 2026

Version History

v2
Last enriched 19h ago
v2Tier C19h ago

Updated severity to CRITICAL, marked as actively exploited, and added CVE-2026-58011 tag.

severityactivelyExploitedtags
via VulDB
v121h ago

Initial creation