CVE-2026-34080

216.73.216.6

· Published 07/04/2026 21:17 · Modified 08/04/2026 21:27

Labels: CVE-2026-34080 2026-04-07 CVE-2026-34080 CWE-1289 [email protected]

Essential information

Published: 07/04/2026 21:17
Modified: 08/04/2026 21:27
Author: —
Creator: —
CVSS: 6.8 MEDIUM (v3) 6.8 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' (with a space before the equals sign) and similar cases. Clients can intercept D-Bus messages they should not have access to. This vulnerability is fixed in 0.1.7.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
xdg-dbus-proxy / xdg-dbus-proxy	`cpe:2.3:a:xdg-dbus-proxy:xdg-dbus-proxy:<0.1.7:::::::*`
xdg-dbus-proxy / xdg-dbus-proxy	`cpe:2.3:a:xdg-dbus-proxy:xdg-dbus-proxy:0.1.7:::::::*`