CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-58012

mediumCVSS 6.5covered by 2 sourcesfirst seen 2026-06-09
A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the G_REGEX_RAW compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This vulnerability can cause a minor information disclosure of 1-5 bytes and a denial of service when the buffer over-read crosses a page boundary.

CSIRTS triage

What
Buffer over-read can occur in g_regex_replace() due to certain function calls.
Who is affected
Users of Glib that utilize regex functionalities.
Urgency
This medium severity issue should be addressed to prevent potential data leaks.
Action
Update to the latest version of Glib.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-58012

Get an email if CVE-2026-58012 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (2)

External references

NVD record for CVE-2026-58012

CVE.org record

Embed the live status

CVE-2026-58012 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-58012 status](https://www.csirts.com/badge/CVE-2026-58012)](https://www.csirts.com/cve/CVE-2026-58012)