Vulnerability in Flatpak Xdg-dbus-proxy
CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' (wi…
EPSS: 0.000 (1.1th percentile) — read the EPSS interpretation.
Affected products
- Flatpak Xdg-dbus-proxy — versions < 0.1.7
Weakness classification (CWE)
References
- https://github.com/flatpak/xdg-dbus-proxy/security/advisories/GHSA-vjp5-hjfm-7677 (x_refsource_CONFIRM)