CVE-2026-50258
Modified Modified - Updated After Analysis

Stack-Based Buffer Overflow in X.Org X Server and Xwayland

Vulnerability report for CVE-2026-50258, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-05

Last updated on: 2026-07-15

Assigner: Red Hat, Inc.

Description

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift levels and trigger stack overflows. This is caused by an incomplete fix of CVE-2025-26597. This may be used to crash the server, or for privilege escalation if the X server runs as root.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-05
Last Modified
2026-07-15
Generated
2026-07-15
AI Q&A
2026-06-05
EPSS Evaluated
2026-07-14
NVD
EUVD

Affected Vendors & Products

Showing 6 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
x.org x_server to 21.1.23 (exc)
x.org xwayland to 24.1.12 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-50258 is a stack-based buffer overflow vulnerability in the X.Org X server and Xwayland, specifically in the XKB key types component.

The issue occurs because the CheckKeyTypes() function does not properly validate or limit the number of shift levels a client can set for key types. This allows a client to assign excessive shift levels that exceed the size of the allocated stack buffers.

As a result, this can cause multiple stack overflows, potentially leading to crashes or privilege escalation if the X server is running with root privileges.

This vulnerability is a consequence of an incomplete fix for a previous vulnerability, CVE-2025-26597.

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can be exploited by any X client connected to the X.Org X server or Xwayland.

The impacts include:

  • Crashing the X server, leading to denial of service.
  • Privilege escalation if the X server is running with root privileges, potentially allowing an attacker to execute code with elevated rights.
Detection Guidance

Detection of this vulnerability involves identifying if your system is running affected versions of the Xorg X11 server or Xwayland.

  • Check the installed version of xorg-x11-server: rpm -q xorg-x11-server
  • Check the installed version of xorg-x11-server-Xwayland: rpm -q xorg-x11-server-Xwayland

If the versions are less than or equal to 21.1.22 for xorg-x11-server or less than or equal to 24.1.9 for xorg-x11-server-Xwayland, your system is vulnerable.

Additionally, monitoring for crashes or unusual behavior in the X server processes may indicate exploitation attempts.

Mitigation Strategies

The immediate mitigation step is to update the affected packages to versions containing the upstream fixes.

  • Upgrade xorg-x11-server to version 21.1.23 or later.
  • Upgrade xorg-x11-server-Xwayland to version 24.1.12 or later.

If immediate updates are not possible, consider restricting access to the X server to trusted clients only, as the vulnerability can be exploited by any connected X client.

Also, running the X server with the least privileges possible can reduce the impact of a potential exploit.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50258. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart