CVE-2026-50258
Modified Modified - Updated After Analysis
Stack-Based Buffer Overflow in X.Org X Server and Xwayland

Publication date: 2026-06-05

Last updated on: 2026-06-25

Assigner: Red Hat, Inc.

Description
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift levels and trigger stack overflows. This is caused by an incomplete fix of CVE-2025-26597. This may be used to crash the server, or for privilege escalation if the X server runs as root.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-05
Last Modified
2026-06-25
Generated
2026-06-25
AI Q&A
2026-06-05
EPSS Evaluated
2026-06-24
NVD
CVE-2026-50258
EUVD
EUVD-2026-34815
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
x.org x_server to 21.1.23 (exc)
x.org xwayland to 24.1.12 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-50258 is a stack-based buffer overflow vulnerability in the X.Org X server and Xwayland, specifically in the XKB key types component.

The issue occurs because the CheckKeyTypes() function does not properly validate or limit the number of shift levels a client can set for key types. This allows a client to assign excessive shift levels that exceed the size of the allocated stack buffers.

As a result, this can cause multiple stack overflows, potentially leading to crashes or privilege escalation if the X server is running with root privileges.

This vulnerability is a consequence of an incomplete fix for a previous vulnerability, CVE-2025-26597.

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can be exploited by any X client connected to the X.Org X server or Xwayland.

The impacts include:

  • Crashing the X server, leading to denial of service.
  • Privilege escalation if the X server is running with root privileges, potentially allowing an attacker to execute code with elevated rights.
Detection Guidance

Detection of this vulnerability involves identifying if your system is running affected versions of the Xorg X11 server or Xwayland.

  • Check the installed version of xorg-x11-server: rpm -q xorg-x11-server
  • Check the installed version of xorg-x11-server-Xwayland: rpm -q xorg-x11-server-Xwayland

If the versions are less than or equal to 21.1.22 for xorg-x11-server or less than or equal to 24.1.9 for xorg-x11-server-Xwayland, your system is vulnerable.

Additionally, monitoring for crashes or unusual behavior in the X server processes may indicate exploitation attempts.

Mitigation Strategies

The immediate mitigation step is to update the affected packages to versions containing the upstream fixes.

  • Upgrade xorg-x11-server to version 21.1.23 or later.
  • Upgrade xorg-x11-server-Xwayland to version 24.1.12 or later.

If immediate updates are not possible, consider restricting access to the X server to trusted clients only, as the vulnerability can be exploited by any connected X client.

Also, running the X server with the least privileges possible can reduce the impact of a potential exploit.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50258. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart