Medium severity5.5NVD Advisory· Published Apr 7, 2026· Updated Apr 21, 2026
CVE-2026-34080
CVE-2026-34080
Description
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' (with a space before the equals sign) and similar cases. Clients can intercept D-Bus messages they should not have access to. This vulnerability is fixed in 0.1.7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:flatpak:xdg-dbus-proxy:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:flatpak:xdg-dbus-proxy:*:*:*:*:*:*:*:*range: <0.1.7
- (no CPE)range: <0.1.7
- osv-coords4 versionspkg:rpm/opensuse/xdg-dbus-proxy&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/xdg-dbus-proxy&distro=openSUSE%20Tumbleweedpkg:rpm/suse/xdg-dbus-proxy&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/xdg-dbus-proxy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 0.1.6-160000.3.1+ 3 more
- (no CPE)range: < 0.1.6-160000.3.1
- (no CPE)range: < 0.1.7-1.1
- (no CPE)range: < 0.1.6-160000.3.1
- (no CPE)range: < 0.1.6-160000.3.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.