CVE-2026-50259
Status: Modified (Updated After Analysis)
Stack-Based Buffer Overflow in X.Org X Server and Xwayland

Publication date: 2026-06-05

Last updated on: 2026-06-25

Assigner: Red Hat, Inc.

Description
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Meta Information

Published: 2026-06-05
Last Modified: 2026-06-25
Generated: 2026-06-25
AI Q&A: 2026-06-05
EPSS Evaluated: 2026-06-24
Affected Vendors & Products

Showing 6 associated CPEs

Vendor   Product           Version / Range
redhat   enterprise_linux  7.0
redhat   enterprise_linux  8.0
redhat   enterprise_linux  9.0
redhat   enterprise_linux  10.0
x.org    x_server          before 21.1.23 (21.1.23 excluded)
x.org    xwayland          before 24.1.12 (24.1.12 excluded)
CWE ID   Description
CWE-121  A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Executive Summary

CVE-2026-50259 is a stack-based buffer overflow vulnerability found in the X.Org X server and Xwayland. The issue occurs in the _XkbSetMapChecks() function, which declares a fixed-size stack buffer named mapWidths with 256 elements. This buffer is indexed by a key type index that is controlled by the client. The helper function CheckKeyTypes() writes data to this buffer at an offset determined by the client, which can lead to writing beyond the buffer's boundary, causing a stack buffer overflow.

This flaw allows an attacker who can connect as an X client to the server to exploit the overflow, potentially causing the server to crash or, if the X server is running with root privileges, to escalate their privileges.
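To make the flaw class concrete, here is an added example (not the X server's own code) that models the pattern the description and summary give: a 256-entry stack buffer of key-type widths filled by a helper from client-chosen firstType and nTypes values. The request layout, the names SetMapReq, check_key_types and xkb_set_map_checks, and the result codes are hypothetical; the point shown is the bounds check that has to run before the helper writes into the caller's buffer.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical simplification of the pattern in the description: a
 * fixed-size stack buffer of 256 key-type widths filled by a helper from
 * client-supplied values. Not the X server's own code. */
#define XKB_MAX_TYPES 256

/* Constructed request: set the widths of key types [firstType, firstType + nTypes). */
typedef struct {
    unsigned firstType;
    unsigned nTypes;
    const uint8_t *widths;   /* nTypes entries supplied by the client */
} SetMapReq;

enum { RESULT_SUCCESS = 0, RESULT_BAD_VALUE = 2 };

/* Hardened helper. The flaw class above is a write to mapWidths[firstType + i]
 * with no comparison against the buffer size; this guard rejects the request
 * before any write. Two comparisons, not firstType + nTypes <= cap, so no wrap. */
static int check_key_types(const SetMapReq *req, uint8_t *mapWidths, size_t cap)
{
    if (req->firstType >= cap || req->nTypes > cap - req->firstType)
        return RESULT_BAD_VALUE;
    for (unsigned i = 0; i < req->nTypes; i++)
        mapWidths[req->firstType + i] = req->widths[i];
    return RESULT_SUCCESS;
}

/* Caller that owns the stack buffer. Reports how many entries were set
 * so the outcome can be checked without handing out the buffer. */
int xkb_set_map_checks(const SetMapReq *req, unsigned *written)
{
    uint8_t mapWidths[XKB_MAX_TYPES] = {0};
    int rc = check_key_types(req, mapWidths, XKB_MAX_TYPES);
    *written = 0;
    for (size_t i = 0; rc == RESULT_SUCCESS && i < XKB_MAX_TYPES; i++)
        *written += (mapWidths[i] != 0);
    return rc;
}

int main(void)
{
    static const uint8_t w[4] = {1, 2, 3, 4};
    SetMapReq req = {253, 4, w};   /* 253..256: one entry past the end */
    unsigned n;
    int rc = xkb_set_map_checks(&req, &n);
    printf("rc=%d (2 = BadValue) written=%u\n", rc, n);
    return 0;
}
```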

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability allows an attacker with client access to the X server to cause a denial of service through server crashes, or to gain elevated privileges if the server runs as root.

  • Server crashes leading to denial of service.
  • Privilege escalation if the X server runs with root privileges, potentially allowing an attacker to execute arbitrary code with elevated rights.
Detection Guidance

This vulnerability affects the Xorg X11 server and Xwayland components, specifically versions up to and including 21.1.22 for xorg-x11-server and 24.1.9 for xorg-x11-server-Xwayland.

To detect if your system is vulnerable, you can check the installed versions of these packages.

  • For RPM-based systems (e.g., Red Hat, CentOS, Fedora): rpm -q xorg-x11-server xorg-x11-server-Xwayland
  • For Debian-based systems (e.g., Ubuntu), where the packages are named xserver-xorg-core and xwayland: dpkg -l | grep -E 'xserver-xorg|xwayland'

If the installed versions are at or below the vulnerable versions, your system is susceptible to this stack buffer overflow.

Additionally, monitoring for crashes or abnormal behavior of the X server may indicate exploitation attempts.

Mitigation Strategies

The primary mitigation step is to update the affected packages to versions where the vulnerability is fixed.

  • Upgrade xorg-x11-server to version 21.1.23 or later.
  • Upgrade xorg-x11-server-Xwayland to version 24.1.12 or later.

If immediate updates are not possible, consider restricting access to the X server to trusted clients only, as the vulnerability can be exploited by any connected X client.

Also, running the X server with the least privileges possible can reduce the impact of a potential exploit.
