CVE-2026-34002
Modified Modified - Updated After Analysis
Out-of-Bounds Read in X.Org X Server XKB Modifier Map

Publication date: 2026-05-05

Last updated on: 2026-06-08

Assigner: Red Hat, Inc.

Description
A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-05
Last Modified
2026-06-08
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34002
EUVD
EUVD-2026-27343
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
x.org x_server *
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-805 The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-34002 is an out-of-bounds read vulnerability in the X.Org X server, specifically in the handling of the X Keyboard Extension (XKB) modifier map.

The flaw occurs because the function that processes the modifier map request does not properly check that it stays within the bounds of the client data. This allows an attacker with access to the X11 server to send a malformed request that causes the server to read memory beyond the intended buffer.

Exploiting this vulnerability can lead to exposure of sensitive information or cause the server to crash, resulting in a denial of service.

Impact Analysis

This vulnerability can impact you by allowing an attacker with access to the X11 server to read sensitive information from memory that should not be accessible.

Additionally, the attacker can cause the X.Org X server to crash, leading to a denial of service which disrupts normal operations.

Since the vulnerability requires local access to the X11 server and low privileges, it may be exploited in environments where multiple users share the same system or where untrusted users have access.

Detection Guidance

This vulnerability involves an out-of-bounds read in the X.Org X server's XKB modifier map handling, which can be exploited by sending malformed requests to the X11 server.

Detection would involve monitoring for unusual or malformed X11 requests targeting the XKB modifier map, or observing crashes or abnormal behavior in the X.Org X server.

However, no specific detection commands or tools are provided in the available information.

Mitigation Strategies

The provided information does not specify immediate mitigation steps or patches for this vulnerability.

General best practices would include restricting access to the X11 server to trusted users only, monitoring for unusual activity, and applying security updates once they become available.

Compliance Impact

This vulnerability can lead to the exposure of sensitive information due to an out-of-bounds read in the X.Org X server's XKB modifier map handling. Such exposure of sensitive data may impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access.

Additionally, the vulnerability can cause a denial of service by crashing the server, potentially affecting system availability, which is also a consideration under these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34002. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart