High severity7.1NVD Advisory· Published Apr 9, 2026· Updated Apr 13, 2026
CVE-2026-39959
CVE-2026-39959
Description
Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sending messages with an excessive number of Unix file descriptors, and crash the application by sending malformed message bodies that cause unhandled exceptions on the SynchronizationContext. This vulnerability is fixed in Tmds.DBus 0.92.0 and Tmds.DBus.Protocol 0.92.0 and 0.21.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Tmds.DBusNuGet | < 0.92.0 | 0.92.0 |
Tmds.DBus.ProtocolNuGet | < 0.21.3 | 0.21.3 |
Tmds.DBus.ProtocolNuGet | >= 0.22.0, < 0.92.0 | 0.92.0 |
Affected products
2- ghsa-coords2 versions
< 0.92.0+ 1 more
- (no CPE)range: < 0.92.0
- (no CPE)range: < 0.21.3
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.