CVE-2026-34080
Public on 2026-04-07
Modified on 2026-04-10
Description
Eavesdrop filter bypass allows message interception in xdg-dbus-proxy before 0.1.7. A local client can craft D-Bus match rules with whitespace before the equals sign (e.g., 'eavesdrop =true') to bypass the eavesdrop filter, allowing interception of D-Bus messages that should be inaccessible.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2023 | xdg-dbus-proxy | Pending Fix |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |