SecuriTricks - CVE-2026-39959

Description

Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sending messages with an excessive number of Unix file descriptors, and crash the application by sending malformed message bodies that cause unhandled exceptions on the SynchronizationContext. This vulnerability is fixed in Tmds.DBus 0.92.0 and Tmds.DBus.Protocol 0.92.0 and 0.21.3.

Product(s) Impacted

Vendor	Product	Versions
Tmds	Dbus Dbus.protocol	0.92.0 0.92.0, 0.21.3

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-290

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	tmds	dbus	0.92.0	/	/	/	/	/	/	/
a	tmds	dbus.protocol	0.92.0	/	/	/	/	/	/	/
a	tmds	dbus.protocol	0.21.3	/	/	/	/	/	/	/

References

https://github.com/tmds/Tmds.DBus/security/advisories/GHSA-xrw6-gwf8-vvr9

CVSS Score

7.1 / 10

CVSS Data - 3.1

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

View Vector String

Timeline

Published: April 9, 2026, 5:16 p.m.
Last Modified: April 9, 2026, 5:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2026-39959