CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-58016

highCVSS 7.5covered by 2 sourcesfirst seen 2026-06-09
A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service.

CSIRTS triage

What
There is an integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml".
Who is affected
Deployments using affected versions of Glib.
Urgency
Remediation is high urgency due to the high severity of the issue.
Action
Patch to the latest version to resolve CVE-2026-58016.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-58016

Get an email if CVE-2026-58016 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (2)

External references

NVD record for CVE-2026-58016

CVE.org record

Embed the live status

CVE-2026-58016 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-58016 status](https://www.csirts.com/badge/CVE-2026-58016)](https://www.csirts.com/cve/CVE-2026-58016)