Zero Day Monitor (ZDM)
5.9
CVE-2026-58015 · EXPLOITED · PATCHED
the gnome project · glib

Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive

Description

A vulnerability classified as critical has been found in GNOME GLib up to 2.88.0. This issue affects some unknown processing. Manipulation of the argument cookie_context causes path traversal. The vulnerability is tracked as CVE-2026-58015. The attack can be initiated remotely.

Affected Products

Vendor | Product | Versions
the gnome project | glib | 0, 2.88.0

References

  • https://access.redhat.com/security/cve/CVE-2026-58015 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2492256 (issue-tracking, x_refsource_REDHAT)
  • https://gitlab.gnome.org/GNOME/glib/-/issues/3931

Related News (2 articles)

Tier A · Microsoft MSRC · 4h ago
CVE-2026-58015 Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive
→ No new info (linked only)

Tier C · VulDB · 20h ago
CVE-2026-58015 | GNOME GLib up to 2.88.0 cookie_context path traversal (ID 3931)
→ No new info (linked only)

CVSS 3.1: 5.9 CRITICAL
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: 2.88.1
Published: Jun 30, 2026
Last enriched: 20h ago (v2)
Tags: remote code execution, file manipulation, denial of service, multiple vulnerabilities
Trending Score: 60
Source articles: 2
Independent: 2
Info Completeness: 8/14
Missing: epss, cwe, kev, exploit, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2026-58011 · EXP
Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime
Trending: 78

CRITICAL · CVE-2026-58012 · EXP
Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()
Trending: 70

HIGH · CVE-2026-58016 · EXP
Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"
Trending: 67

NONE · CVE-2026-6324 · EXP
Libsoup: libsoup: http request smuggling via unsigned to signed conversion error
Trending: 1

NONE · CVE-2018-25305 · EXP
librsvg2-bin 2.40.13 Buffer Overflow via Malformed SVG

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Jun 30, 2026
Discovered by ZDM: Jun 30, 2026
Actively Exploited: Jun 30, 2026
Exploit Available: Jun 30, 2026
Patch Available: Jun 30, 2026
Updated (description, affectedVersions, severity, activelyExploited): Jun 30, 2026

Version History

v2 · Tier C · 20h ago (via VulDB)

Updated vendor to GNOME, product to GLib, severity to CRITICAL, and affected versions to 2.88.0, while also correcting the exploit availability status.

description, affectedVersions, severity, activelyExploited

v1 · 23h ago

Initial creation