CVE-2026-50256
Modified Modified - Updated After Analysis
Stack-Based Buffer Overflow in X.Org X Server

Publication date: 2026-06-05

Last updated on: 2026-06-25

Assigner: Red Hat, Inc.

Description
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-05
Last Modified
2026-06-25
Generated
2026-06-25
AI Q&A
2026-06-05
EPSS Evaluated
2026-06-24
NVD
CVE-2026-50256
EUVD
EUVD-2026-34813
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
x.org x_server to 21.1.23 (exc)
x.org xwayland to 24.1.12 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-50256 is a stack-based buffer overflow vulnerability in the X.Org X server and Xwayland. It occurs because the X server allocates a 256-byte stack buffer for font alias names, but the libXfont2 library allows font alias names up to 1024 bytes. When a font alias name between 257 and 1023 bytes is processed, the X server copies it into the smaller buffer without checking its length, causing a buffer overflow.

This mismatch in handling font name lengths can lead to memory corruption, which may be exploited to crash the server or escalate privileges if the X server is running with root permissions.

Impact Analysis

This vulnerability can be exploited by any X client connected to the X server to cause a denial of service by crashing the server.

More seriously, if the X server is running with root privileges, an attacker could exploit this buffer overflow to escalate their privileges, potentially gaining unauthorized root access to the system.

Detection Guidance

This vulnerability can be detected by checking the versions of the xorg-x11-server and xorg-x11-server-Xwayland packages installed on your system, as vulnerable versions are up to 21.1.22 for xorg-x11-server and up to 24.1.9 for xorg-x11-server-Xwayland.

You can use package management commands to verify the installed versions. For example, on a Red Hat-based system, you can run:

  • rpm -q xorg-x11-server
  • rpm -q xorg-x11-server-Xwayland

If the versions are at or below the vulnerable versions, your system is susceptible to this vulnerability.

Additionally, monitoring for crashes or abnormal behavior of the X server when processing font alias names could indicate exploitation attempts, but no specific detection commands or signatures are provided.

Mitigation Strategies

The immediate mitigation step is to update the xorg-x11-server and xorg-x11-server-Xwayland packages to fixed versions where the vulnerability is resolved.

  • Upgrade xorg-x11-server to version 21.1.23 or later.
  • Upgrade xorg-x11-server-Xwayland to version 24.1.12 or later.

If updating is not immediately possible, consider restricting access to the X server to trusted clients only, as any connected X client can exploit this vulnerability.

Also, monitor for any unusual crashes or behavior of the X server and apply any vendor-provided patches as soon as they become available.

Compliance Impact

The vulnerability is a stack-based buffer overflow in the X.Org X server and Xwayland that can lead to privilege escalation if the server runs as root. Such a security flaw could potentially allow unauthorized access or control over the affected system.

While the provided information does not explicitly mention compliance with standards like GDPR or HIPAA, vulnerabilities that allow privilege escalation and potential unauthorized access can impact compliance by increasing the risk of data breaches or unauthorized data access.

Organizations subject to regulations such as GDPR or HIPAA need to address such vulnerabilities promptly to maintain compliance, as failure to do so could result in exposure of sensitive data and consequent regulatory penalties.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50256. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart