CVE-2026-34080

CVSS v4.0

6.8

Medium

Vector

AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions xdg-dbus-proxy versions prior to 0.1.7

Description xdg-dbus-proxy is a filtering proxy for D-Bus connections. A policy parser issue allows bypassing eavesdrop restrictions. The proxy incorrectly handles variations in the 'eavesdrop' policy rule format, such as including a space before the equals sign (e.g., 'eavesdrop ='true''). This allows clients to intercept D-Bus messages they are not authorized to access.

Recommendations Update to version 0.1.7 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1289

Related Identifiers

CVE-2026-34080

OESA-2026-2212

OESA-2026-2213

OESA-2026-2214

OESA-2026-2286

OESA-2026-2287

OPENSUSE-SU-2026:10625-1

USN-8167-1

USN-8167-2

Affected Products

Linuxmint

Ubuntu

Xdg-Dbus-Proxy

CVE-2026-34080

Weakness Enumeration

Related Identifiers

Affected Products

References · 28