CVE-2026-50262
X.Org X Server and Xwayland Out-of-Bounds Read Vulnerability
Publication date: 2026-06-05
Last updated on: 2026-06-05
Assigner: Red Hat, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| the_x.org_foundation | xorg-x11-server | up to 21.1.22 (inclusive) |
| the_x.org_foundation | xorg-x11-server-xwayland | up to 24.1.9 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows an out-of-bounds read that can lead to information disclosure by reading client-controlled bytes beyond the request buffer. Such unauthorized disclosure of information could potentially impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive data against unauthorized access.
However, the provided information does not specify exact impacts on compliance frameworks or whether the disclosed information includes personal or protected health information.
Can you explain this vulnerability to me?
CVE-2026-50262 is a vulnerability in the X.Org X server and Xwayland packages involving an out-of-bounds read and write flaw in the __glXDisp_ChangeDrawableAttributes() function.
The flaw is caused by incorrect size validation, which allows a client to control the number of bytes read or written beyond the intended request buffer.
While the read operation can lead to information disclosure, the write operation could potentially crash the server or enable privilege escalation if the server runs with root privileges. However, the write path requires byte-swapped clients, which are disabled by default, reducing the risk of exploitation.
Any X client that can connect to the server can trigger this vulnerability.
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker to read sensitive information from the server's memory due to the out-of-bounds read.
In some cases, if the write path is exploited (which requires byte-swapped clients and is disabled by default), it could crash the X server or even lead to privilege escalation if the server is running with root privileges.
Therefore, the main risks are information disclosure and potential denial of service or privilege escalation under specific conditions.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying whether your system is running affected versions of the xorg-x11-server or xorg-x11-server-Xwayland packages. Specifically, versions up to 21.1.22 for xorg-x11-server and up to 24.1.9 for xorg-x11-server-Xwayland are vulnerable.
You can check the installed package versions using commands like:
- For RPM-based systems (e.g., Red Hat, CentOS, Fedora): `rpm -q xorg-x11-server xorg-x11-server-Xwayland`
- For Debian-based systems (e.g., Ubuntu): `dpkg -l | grep xorg-x11-server`
Additionally, monitoring for unusual crashes or information disclosure attempts related to the GLX ChangeDrawableAttributes function may indicate exploitation attempts, but no specific detection commands or signatures are provided.
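The version check described above, as an added shell example that is not part of this advisory: it classifies installed package versions against the fixed releases named in the mitigation answer (xorg-server 21.1.23, xwayland 24.1.12) and parses `rpm -q --queryformat '%{NAME} %{VERSION}\n'` output. It assumes GNU `sort -V`; the package lines fed to it here are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the advisory): flag X server packages whose upstream
# version is older than the fixed release named for CVE-2026-50262.
# Assumes GNU coreutils sort (for -V, natural version ordering).

# version_lt A B: succeed when version A sorts strictly before version B.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# cve_2026_50262_status PKG VERSION: print "affected" when VERSION is older
# than the fixed release for PKG, "fixed" otherwise, "unknown" for other packages.
cve_2026_50262_status() {
    case "$1" in
        xorg-x11-server)          fixed=21.1.23 ;;
        xorg-x11-server-Xwayland) fixed=24.1.12 ;;
        *) echo unknown; return 0 ;;
    esac
    if version_lt "$2" "$fixed"; then echo affected; else echo fixed; fi
}

# check_rpm_lines: read "NAME VERSION" lines on stdin, as produced by
#   rpm -q --queryformat '%{NAME} %{VERSION}\n' xorg-x11-server xorg-x11-server-Xwayland
# and append the status to each line. %{VERSION} is the upstream version only;
# the distribution release suffix (e.g. 3.el9) is deliberately not compared.
check_rpm_lines() {
    while read -r name ver; do
        [ -n "$name" ] || continue
        echo "$name $ver $(cve_2026_50262_status "$name" "$ver")"
    done
}

# Constructed sample output standing in for the rpm query on a host that has
# an old X server but an already updated Xwayland.
SAMPLE_RPM_OUTPUT='xorg-x11-server 21.1.22
xorg-x11-server-Xwayland 24.1.12'

printf '%s\n' "$SAMPLE_RPM_OUTPUT" | check_rpm_lines
```

Distributions often backport the fix into an older upstream version with a higher release number, so treat "affected" from this upstream-only comparison as a prompt to consult the vendor's errata for the installed release rather than as a final verdict.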
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the affected packages to fixed versions. Specifically, upgrade to xorg-server version 21.1.23 or later and xwayland version 24.1.12 or later.
Since the write path requires byte-swapped clients which are disabled by default, the primary risk is information disclosure via the out-of-bounds read. Limiting access to the X server to trusted clients can reduce exposure.
If patching is not immediately possible, consider restricting network or local access to the X server to prevent untrusted clients from connecting.