CVE-2026-39959
Published: 09 April 2026
Summary
CVE-2026-39959 is a high-severity Authentication Bypass by Spoofing (CWE-290) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Endpoint Denial of Service (T1499). It ranks at the 0.3 percentile by exploit likelihood (well below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-6 (Resource Availability) and SI-10 (Information Input Validation).
Deeper analysis
Tmds.DBus and Tmds.DBus.Protocol, .NET libraries for interacting with the D-Bus interprocess communication system, are affected by CVE-2026-39959. The vulnerability allows a malicious D-Bus peer to spoof signals by impersonating the owner of a well-known name, to exhaust system resources or cause file descriptor spillover through messages carrying an excessive number of Unix file descriptors, and to crash applications with malformed message bodies that trigger unhandled exceptions on the SynchronizationContext. The issue, associated with CWE-290 (Authentication Bypass by Spoofing) and CWE-770 (Allocation of Resources Without Limits or Throttling), carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
Exploitation requires a malicious peer on the same D-Bus bus, typically feasible for a local attacker with low privileges. Such an actor can achieve signal spoofing to manipulate communications, resource exhaustion or file descriptor leaks leading to denial of service, and application crashes, resulting in high integrity and availability impacts without confidentiality loss.
The vulnerability is addressed in Tmds.DBus version 0.92.0 and Tmds.DBus.Protocol versions 0.92.0 and 0.21.3. Additional details are available in the GitHub security advisory at https://github.com/tmds/Tmds.DBus/security/advisories/GHSA-xrw6-gwf8-vvr9.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-20964
Vulnerability details
Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sending messages with an excessive number of Unix file descriptors, and crash the application by sending malformed message bodies that cause unhandled exceptions on the SynchronizationContext. This vulnerability is fixed in Tmds.DBus 0.92.0 and Tmds.DBus.Protocol 0.92.0 and 0.21.3.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability enables endpoint DoS via resource exhaustion (excessive FDs) and crashes from malformed messages (T1499); also allows signal spoofing/impersonation to manipulate transmitted communications (T1565.002).
Mitigating Controls (NIST 800-53 r5)
Timely flaw remediation through patching Tmds.DBus to version 0.92.0 or later directly eliminates the spoofing, resource exhaustion, and crash vulnerabilities.
Resource availability controls (SC-6) enforce limits on allocation, preventing exhaustion and file descriptor spillover from excessive Unix file descriptors in D-Bus messages.
Information input validation (SI-10) rejects malformed D-Bus message bodies and messages with excessive file descriptors, preventing application crashes and resource exhaustion.
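The two defensive checks these controls describe, a signal-sender check against the real owner of a well-known name and a ceiling on Unix file descriptors per message, as an added C# example that is not Tmds.DBus code and calls no Tmds.DBus API. The `DbusPeerGuard` class, its method names and the limit of 16 are hypothetical and constructed here; the owner table is assumed to be fed from the bus daemon's GetNameOwner replies and NameOwnerChanged signals.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper (not Tmds.DBus code): models the checks a D-Bus client can apply
// before attributing a signal to a well-known name or accepting a message carrying fds.
public sealed class DbusPeerGuard
{
    // Well-known name -> unique name (":1.42" style) of its current owner, as learned
    // from the bus daemon via GetNameOwner replies and NameOwnerChanged signals.
    private readonly Dictionary<string, string> _owners = new Dictionary<string, string>();
    private readonly uint _maxUnixFds;

    // maxUnixFds is an application-chosen ceiling (constructed value in Main below).
    public DbusPeerGuard(uint maxUnixFds) => _maxUnixFds = maxUnixFds;

    // Record a NameOwnerChanged(name, oldOwner, newOwner) or a GetNameOwner reply.
    // An empty newOwner means the well-known name was released.
    public void UpdateOwner(string wellKnownName, string newOwner)
    {
        if (string.IsNullOrEmpty(newOwner)) _owners.Remove(wellKnownName);
        else _owners[wellKnownName] = newOwner;
    }

    // The bus daemon fills a signal's SENDER header with the sending connection's unique
    // name; a peer cannot place a well-known name there. A signal is therefore attributable
    // to wellKnownName only when SENDER equals the unique name that currently owns it.
    // Matching on the well-known name alone is what a spoofing peer exploits.
    public bool IsSignalFromNameOwner(string senderHeader, string wellKnownName)
    {
        if (string.IsNullOrEmpty(senderHeader) || senderHeader[0] != ':')
            return false; // not a bus-assigned unique name
        return _owners.TryGetValue(wellKnownName, out var owner) && owner == senderHeader;
    }

    // Resource-availability check: refuse messages whose UNIX_FDS header count exceeds the
    // ceiling so a peer cannot drain the process's descriptor table. The caller must still
    // close any descriptors the transport already received for a rejected message.
    public bool AcceptsUnixFdCount(uint unixFdCount) => unixFdCount <= _maxUnixFds;

    public static void Main()
    {
        var guard = new DbusPeerGuard(maxUnixFds: 16); // constructed limit
        guard.UpdateOwner("org.example.Service", ":1.42");          // constructed owner
        Console.WriteLine(guard.IsSignalFromNameOwner(":1.42", "org.example.Service")); // genuine owner
        Console.WriteLine(guard.IsSignalFromNameOwner(":1.99", "org.example.Service")); // another peer
        Console.WriteLine(guard.IsSignalFromNameOwner("org.example.Service", "org.example.Service")); // not a unique name
        guard.UpdateOwner("org.example.Service", "");                // name released
        Console.WriteLine(guard.IsSignalFromNameOwner(":1.42", "org.example.Service")); // stale owner
        Console.WriteLine(guard.AcceptsUnixFdCount(1000));          // over the fd ceiling
    }
}
```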