7.5
CVE-2026-58016 · EXPLOITED · PATCHED
the gnome project · glib

Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"

Description

A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service.

Affected Products

Vendor · Product · Versions
the gnome project · glib · 0, 2.88.0

References

  • https://access.redhat.com/security/cve/CVE-2026-58016 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2492257 (issue-tracking, x_refsource_REDHAT)
  • https://gitlab.gnome.org/GNOME/glib/-/issues/3932

Related News (2 articles)

Tier A · Microsoft MSRC · 4h ago
CVE-2026-58016 Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"
→ No new info (linked only)

Tier C · VulDB · 20h ago
CVE-2026-58016 | GNOME GLib up to 2.88.0 gio/gdbusintrospection.c g_dbus_node_info_new_for_xml integer underflow (ID 3932)
→ No new info (linked only)

CVSS 3.1: 7.5 HIGH
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: null
CWE: CWE-191
Published: Jun 30, 2026
Last enriched: 20h ago (v2)
Tags: remote code execution, file manipulation, denial of service, multiple vulnerabilities
Trending Score: 67
Source articles: 2
Independent: 2
Info Completeness: 10/14
Missing: epss, kev, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2026-58011 · EXP
Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime
Trending: 78

CRITICAL · CVE-2026-58012 · EXP
Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()
Trending: 70

CRITICAL · CVE-2026-58015 · EXP
Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive
Trending: 60

NONE · CVE-2026-6324 · EXP
Libsoup: libsoup: http request smuggling via unsigned to signed conversion error
Trending: 1

NONE · CVE-2018-25305 · EXP
librsvg2-bin 2.40.13 Buffer Overflow via Malformed SVG

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Jun 30, 2026
Discovered by ZDM: Jun 30, 2026
Actively Exploited: Jun 30, 2026
Exploit Available: Jun 30, 2026
Patch Available: Jun 30, 2026
Updated: affectedVersions, severity, patchAvailable: Jun 30, 2026

Version History

v2 · Tier C · 20h ago

Updated vendor to GNOME, product to GNOME GLib, affected versions to 2.88.0, severity to HIGH, and noted that no exploit exists.

affectedVersions, severity, patchAvailable (via VulDB)

v1 · 23h ago

Initial creation