Diskspace exhaustion via malcontenttimerd RecordUsage DBus (0.14.0)
CVE-2026-44931 Published on May 13, 2026

malcontent: Disk Space Exhaustion via Globally Accessible D-Bus API
The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c in malcontent-timerd allows arbitrary users in the system to slowly fill up disk space in /var/lib/malcontent-timerd

NVD

Weakness Type

Allocation of Resources Without Limits or Throttling

The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Affected Versions

gnome malcontent:

Version 0.14 and below unknown is affected.

Diskspace exhaustion via malcontenttimerd RecordUsage DBus (0.14.0)CVE-2026-44931 Published on May 13, 2026

Weakness Type

Allocation of Resources Without Limits or Throttling

Affected Versions

Diskspace exhaustion via malcontenttimerd RecordUsage DBus (0.14.0)
CVE-2026-44931 Published on May 13, 2026