Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-50259— Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing

CVSS 7.8 · High EPSS 0.17% · P6

Possible ATT&CK Techniques 1AI

T1203 · Exploitation for Client Execution

Affected Version Matrix 11

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 100:24.1.9-4.el10_2.2< *unaffected
Red HatRed Hat Enterprise Linux 6anyaffected
anyunknown
Red HatRed Hat Enterprise Linux 7anyaffected
anyaffected
Red HatRed Hat Enterprise Linux 80:21.1.3-20.el8_10.2< *unaffected
0:1.20.11-28.el8_10.2< *unaffected
0:1.15.0-10.el8_10< *unaffected
Red HatRed Hat Enterprise Linux 90:24.1.9-4.el9_8.2< *unaffected
0:1.20.11-34.el9_8.2< *unaffected
0:1.15.0-7.el9_8.2< *unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-50259

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing
Source: NVD (National Vulnerability Database)
Vulnerability Description
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
栈缓冲区溢出
Source: NVD (National Vulnerability Database)
Vulnerability Title
X.Org X server和Xwayland 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
X.Org X Server是X.Org基金会的一款X Window系统显示服务器。Xwayland是Xwayland开源的一个通信协议,规定了显示服务器与其客户机之间的通信方式。 X.Org X server和Xwayland存在安全漏洞,该漏洞源于_XkbSetMapChecks中固定大小栈缓冲区被客户端控制偏移索引导致栈缓冲区溢出,可能导致服务器崩溃或权限提升。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Red HatRed Hat Enterprise Linux 10 0:24.1.9-4.el10_2.2 ~ * cpe:/o:redhat:enterprise_linux:10.2
Red HatRed Hat Enterprise Linux 8 0:21.1.3-20.el8_10.2 ~ * cpe:/a:redhat:enterprise_linux:8::appstream
Red HatRed Hat Enterprise Linux 8 0:1.20.11-28.el8_10.2 ~ * cpe:/a:redhat:enterprise_linux:8::appstream
Red HatRed Hat Enterprise Linux 8 0:1.15.0-10.el8_10 ~ * cpe:/a:redhat:enterprise_linux:8::appstream
Red HatRed Hat Enterprise Linux 9 0:24.1.9-4.el9_8.2 ~ * cpe:/a:redhat:enterprise_linux:9::appstream
Red HatRed Hat Enterprise Linux 9 0:1.20.11-34.el9_8.2 ~ * cpe:/a:redhat:enterprise_linux:9::appstream
Red HatRed Hat Enterprise Linux 9 0:1.15.0-7.el9_8.2 ~ * cpe:/a:redhat:enterprise_linux:9::appstream
Red HatRed Hat Enterprise Linux 6-cpe:/o:redhat:enterprise_linux:6
Red HatRed Hat Enterprise Linux 6-cpe:/o:redhat:enterprise_linux:6
Red HatRed Hat Enterprise Linux 7-cpe:/o:redhat:enterprise_linux:7
Red HatRed Hat Enterprise Linux 7-cpe:/o:redhat:enterprise_linux:7

II. Public POCs for CVE-2026-50259

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-50259

登录查看更多情报信息。

Patches & Fixes for CVE-2026-50259 (1)

Vendor Advisories for CVE-2026-50259 (5)

Mailing List Discussions for CVE-2026-50259 (1)

Other References for CVE-2026-50259 (4)

Same Patch Batch · Red Hat · 2026-06-05 · 11 CVEs total

CVE-2026-113327.8 HIGHAnsible-core: argument injection in ansible-galaxy role install leads to arbitrary code ex
CVE-2026-502567.8 HIGHXorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font
CVE-2026-502577.8 HIGHXorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestro
CVE-2026-502587.8 HIGHXorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb k
CVE-2026-502607.8 HIGHXorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter(
CVE-2026-502617.8 HIGHXorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangeco
CVE-2026-502647.8 HIGHXorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds heap write in dr
CVE-2026-502625.5 MEDIUMXorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in gl
CVE-2026-502635.5 MEDIUMXorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information dis
CVE-2026-90882.7 LOWKeycloak: keycloak: information disclosure due to user profile permission bypass

IV. Related Vulnerabilities

V. Comments for CVE-2026-50259

No comments yet


Leave a comment