CVE-2026-58016 vulnerability in Red Hat Products
Published on June 30, 2026
Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"
A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service.
Vulnerability Analysis
CVE-2026-58016 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Timeline
Reported to Red Hat.
Made public.
Weakness Type
What is an Integer underflow Vulnerability?
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. This can happen in signed and unsigned cases.
CVE-2026-58016 has been classified to as an Integer underflow vulnerability or weakness.
Products Associated with CVE-2026-58016
stack.watch emails you whenever new vulnerabilities are published in Red Hat Enterprise Linux (RHEL) or Red Hat Hummingbird. Just hit a watch button to start following.
Affected Versions
GNOME GLib:- Before 2.88.1 is affected.