CVE-2026-39959

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tmds.DBus versions prior to 0.92.0 Tmds.DBus.Protocol versions prior to 0.92.0 and 0.21.3

Description Tmds.DBus and Tmds.DBus.Protocol are susceptible to attacks from malicious D-Bus peers. An attacker on the same bus can impersonate the owner of a well-known name to spoof signals, exhaust system resources or cause file descriptor spillover by sending messages containing an excessive number of Unix file descriptors, and crash the application by sending malformed message bodies that trigger unhandled exceptions on the SynchronizationContext.

Recommendations Upgrade Tmds.DBus to version 0.92.0 or later. Upgrade Tmds.DBus.Protocol to version 0.92.0 or 0.21.3 or later.

Fix

Allocation of Resources Without Limits

Resource Exhaustion

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-400CWE-290

Related Identifiers

CVE-2026-39959

GHSA-XRW6-GWF8-VVR9

Affected Products

Tmds.Dbus

Tmds.Dbus.Protocol

CVE-2026-39959

Weakness Enumeration

Related Identifiers

Affected Products

References · 7