CVE-2026-58016

HIGH

Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-58016. PoCs published by HermesNA-1.

AI-analyzed exploit summary This repository contains an auto-generated stub module for CVE-2026-58016, a state confusion vulnerability in GLib's g_dbus_node_info_new_for_xml() function when processing malformed D-Bus introspection XML. The code lacks actual exploit implementation and only includes placeholder logic for target probing.

Description

A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service.

Exploits (1)

github STUB 1 stars
by HermesNA-1 · pythonpoc
https://github.com/HermesNA-1/SnakeSploit/tree/main/data/modules_generated/cve-2026-58016_flaw_was_found.py

This repository contains an auto-generated stub module for CVE-2026-58016, a state confusion vulnerability in GLib's g_dbus_node_info_new_for_xml() function when processing malformed D-Bus introspection XML. The code lacks actual exploit implementation and only includes placeholder logic for target probing.

Classification
Stub 99%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: GLib (gio/gdbusintrospection.c)
No auth needed
Prerequisites: Access to a D-Bus service that processes untrusted introspection XML · Network connectivity to the target service
mistral-large-3 · analyzed Jul 09, 2026 Full analysis →

References (3)

Core 3
Core References
Vdb Entry, X_Refsource_Redhat vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-58016
Issue Tracking, X_Refsource_Redhat issue-tracking x_refsource_redhat
RHBZ#2492257
https://bugzilla.redhat.com/show_bug.cgi?id=2492257

Scores

CVSS v3 7.5
EPSS 0.0037
EPSS Percentile 29.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-191
Status published
Products (13)
GNOME/GLib < 2.88.1
gnome/glib < 2.88.1
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
Red Hat/Red Hat Hardened Images
redhat/enterprise_linux 6.0
redhat/enterprise_linux 7.0
... and 3 more
Published Jun 30, 2026
Tracked Since Jun 30, 2026