Description:
A policy parser vulnerability allows bypassing eavesdrop restrictions.
The proxy checks for eavesdrop=true in policy rules but fails to handle
eavesdrop ='true' (with a space before the equals sign) and similar
cases.
- https://bugs.mageia.org/show_bug.cgi?id=35347
- https://www.openwall.com/lists/oss-security/2026/04/10/15
- https://github.com/flatpak/xdg-dbus-proxy/security/advisories/GHSA-vjp5-hjfm-7677
- https://www.cve.org/CVERecord?id=CVE-2026-34080
- 9/core/xdg-dbus-proxy-0.1.7-1.mga9
Publication date:07 Jun 2026
Get the latest Linux and open source security news straight to your inbox.