🟠 High  |  Source: Microsoft Security Response Center


CVE-2026-58014 is an off-by-one memory error in GLib, a widely used open-source utility library. The flaw is in `g_key_file_get_locale_string_list` in glib/gkeyfile.c, the function that reads locale-specific string lists from configuration files. This class of vulnerability can allow an attacker to read or corrupt adjacent memory, leading to information disclosure or application crashes. Because GLib is a foundational dependency in many Linux-based environments, including Azure-hosted workloads and container images, the blast radius could be broad if exploited.

Security Architect’s Take: Audit your Azure Linux VMs, container base images, and any managed services running GLib to determine if a vulnerable version is in use, and prioritise patching via your OS package manager or container rebuild pipeline. Pay particular attention to internet-facing workloads where untrusted configuration files or inputs could be processed by GLib.
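
As an added example (not from the advisory or from Microsoft), the shell function below supports the audit step on a single Linux host. It lists running processes that have `libglib-2.0.so` mapped and marks those still running a copy that has since been replaced on disk, which is the state a package update leaves behind until the service restarts. The name `glib_procs` and its output format are assumptions of this example.

```shell
#!/bin/sh
# Added example: list processes that have GLib (libglib-2.0.so*) mapped.
# Usage: glib_procs [proc_root]      (proc_root defaults to /proc)
# Output, one line per process: "<pid> <comm> <library path> <state>"
#   current : the mapped library file still exists on disk
#   stale   : the file was replaced or removed (for example by a package
#             update) and the process is still running the old copy
glib_procs() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes we cannot read (or an unmatched glob).
        [ -r "$maps" ] || continue
        dir=${maps%/maps}
        pid=${dir##*/}
        # First mapping backed by the GLib shared object, if any.
        line=$(grep -m1 'libglib-2\.0\.so' "$maps" 2>/dev/null) || continue
        # maps columns: address perms offset dev inode pathname [(deleted)]
        path=$(printf '%s\n' "$line" | awk '{print $6}')
        case "$line" in
            *'(deleted)'*) state=stale ;;
            *)             state=current ;;
        esac
        comm=$(cat "$dir/comm" 2>/dev/null || echo '?')
        printf '%s %s %s %s\n' "$pid" "$comm" "$path" "$state"
    done
}
# On a live host, call: glib_procs /proc
```

Run it as root to see every process's maps. Statically linked copies of GLib and container images that are not currently running do not appear here and still need a package-level check against the vendor's fixed version.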

Original advisory: CVE-2026-58014 Glib: off-by-one error in glib/gkeyfile.c via “g_key_file_get_locale_string_list”