Skip to main content

X.Org X Server EUVD-2026-34820

| CVE-2026-50263 MEDIUM
Use After Free (CWE-416)
2026-06-05 redhat GHSA-4ph5-83mw-vm42
Information Disclosure Use After Free Memory Corruption Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9
5.5
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 05, 2026 - 12:20 vuln.today
CVE Published
Jun 05, 2026 - 10:36 nvd
MEDIUM 5.5

DescriptionCVE.org

A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.

AnalysisAI

Use-after-free read in X.Org X server and Xwayland's CreateSaverWindow() function exposes heap memory to local authenticated users, resulting in information disclosure. A low-privileged local X client can manipulate window attributes and force screen saver activation to trigger a read from freed memory, leaking potentially sensitive heap contents (C:H/I:N/A:N). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain low-privilege local shell access
Delivery
Open X client connection to running X server
Exploit
Manipulate window attributes via X11 protocol
Execution
Force screen saver activation via XActivateScreenSaver
Persist
Trigger use-after-free read in CreateSaverWindow()
Impact
Receive leaked heap memory contents
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires a local account on the target system with the ability to open an X client connection to the running X server (AV:L/PR:L from CVSS vector). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N places this at Medium severity (5.5). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A low-privileged local user with shell access on a system running an X server opens an X client connection, programmatically alters window attributes on a targeted window, then issues a command to force screen saver activation. This sequence causes CreateSaverWindow() to read from a freed heap region, and the server returns or leaks the stale memory contents to the client - potentially including sensitive data resident in the X server's heap at the time of the free. …
Remediation The primary fix is the upstream commit ecc634f1b2f7aa473d3a267eada98c4918bf9e05 to the xorg/xserver repository on freedesktop.org GitLab; a tagged release version incorporating this fix is not independently confirmed from the provided data, so administrators should monitor the xorg-announce mailing list post at https://lists.x.org/archives/xorg-announce/2026-June/003702.html for an official release announcement. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-11788 HIGH
7.5 Jun 09

Remote denial of service in 389 Directory Server (Red Hat Directory Server 11/12/13 and Red Hat Enterprise Linux 6 throu
CVE-2026-48914 MEDIUM
6.7 Jun 12

Out-of-bounds heap write in QEMU's virtio-blk device allows a high-privileged guest to crash the host QEMU process. The

CVE-2026-11789 MEDIUM
6.5 Jun 09

Denial-of-service in Red Hat's 389 Directory Server allows a highly privileged network attacker to crash the LDAP servic
CVE-2026-11786 MEDIUM
6.5 Jun 09

Out-of-bounds read in 389 Directory Server's LDIF parser exposes limited heap memory to a highly privileged local attack
CVE-2026-11611 MEDIUM
6.5 Jun 08

Denial of service in Red Hat 389 Directory Server's Content Synchronization persistent search plugin enables authenticat

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected
SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected
SUSE Linux Enterprise Module for Development Tools 15 SP7 Affected

Share

EUVD-2026-34820 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy