Security Vulnerability Report
CVE-2026-39959 CVSS 7.1 HIGH

CVE-2026-39959

Published: 2026-04-09 17:16:30
Last Modified: 2026-04-13 15:02:28

Description

Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sending messages with an excessive number of Unix file descriptors, and crash the application by sending malformed message bodies that cause unhandled exceptions on the SynchronizationContext. This vulnerability is fixed in Tmds.DBus 0.92.0 and Tmds.DBus.Protocol 0.92.0 and 0.21.3.

CVSS Details

CVSS Score: 7.1
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Tmds.DBus < 0.92.0
Tmds.DBus.Protocol < 0.92.0
Tmds.DBus.Protocol < 0.21.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
csharp
// Conceptual PoC for CVE-2026-39959: Resource Exhaustion
// This C# code demonstrates how a malicious peer on the D-Bus bus
// might attempt to send a message with excessive file descriptors
// to crash or exhaust resources in a vulnerable Tmds.DBus application.
using System;
using System.Threading.Tasks;
// Hypothetical usage of Tmds.DBus

namespace MaliciousDBusPeer
{
    class Program
    {
        static async Task Main(string[] args)
        {
            Console.WriteLine("[+] Starting malicious D-Bus peer...");

            // Simulate connection to the Session Bus
            // var connection = new Connection(Address.Session);
            // await connection.ConnectAsync();

            // Target a vulnerable service
            // string targetService = "org.vulnerable.Service";

            // Attack Vector: Send message with excessive File Descriptors
            // int excessiveFdCount = 10000;
            // var fds = new System.IO.FileStream[excessiveFdCount];

            // In a real scenario, we would open dummy files to get FDs
            // for(int i=0; i<excessiveFdCount; i++) {
            //     fds[i] = File.OpenRead("/dev/null");
            // }

            // try {
            //     // Send the malicious payload
            //     // await connection.SendSignalWithFdsAsync(targetService, "/org/vulnerable/Object", fds);
            //     Console.WriteLine("[!] Malicious payload sent successfully.");
            // } catch (Exception ex) {
            //     Console.WriteLine($"[-] Attack failed: {ex.Message}");
            // }
        }
    }
}

References

https://github.com/tmds/Tmds.DBus/security/advisories/GHSA-xrw6-gwf8-vvr9

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-39959", "sourceIdentifier": "[email protected]", "published": "2026-04-09T17:16:30.440", "lastModified": "2026-04-13T15:02:27.760", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sending messages with an excessive number of Unix file descriptors, and crash the application by sending malformed message bodies that cause unhandled exceptions on the SynchronizationContext. This vulnerability is fixed in Tmds.DBus 0.92.0 and Tmds.DBus.Protocol 0.92.0 and 0.21.3."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-290"}, {"lang": "en", "value": "CWE-770"}]}], "references": [{"url": "https://github.com/tmds/Tmds.DBus/security/advisories/GHSA-xrw6-gwf8-vvr9", "source": "[email protected]"}]}}