Description
A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service.
Published: 2026-05-05
Score: 6.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out‑of‑bounds read in the XKB modifier map handling within the X.Org X server. An attacker who can send requests to the X11 server can cause the server to read beyond its intended memory area, potentially exposing sensitive information or crashing the server, which results in a denial of service.

Affected Systems

Red Hat Enterprise Linux 6, 7, 8, 9, and 10 that ship with the X.Org X server are affected. No specific version numbers are listed in the CVE data.

Risk and Exploitability

The CVSS score is 6.1, indicating a moderate impact. EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to have the ability to communicate with the X11 server, so local or network access for X server connections is needed. Once that access is achieved, sending a malformed request can trigger the out‑of‑bounds read, potentially leaking data or causing a crash.

Generated by OpenCVE AI on May 5, 2026 at 17:26 UTC.

Remediation

Vendor Workaround

To mitigate this vulnerability, restrict access to the X11 server. If the X.Org X server is not required on a system, consider disabling or uninstalling it. For systems where the X server is necessary, ensure that access is limited to trusted users and networks. This can involve configuring `xhost` or implementing firewall rules to restrict connections to the X server. Any changes to X server configuration or service status may require a restart of the X server for the mitigation to take effect, which will impact active graphical sessions.


OpenCVE Recommended Actions

  • Configure X server access control using tools such as xhost or xauth so that only trusted users can connect.
  • Deploy firewall rules to block unwanted IP addresses or networks from connecting to the X server port.
  • If the X server is unnecessary on the system, uninstall or disable it, or restrict it to trusted networks.
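As an added example that is not part of the OpenCVE record or of the X.Org project, the following POSIX shell script audits the two controls that the vendor workaround and the recommended actions above rely on: that `xhost` access control is enabled and lists only local-user entries, and that the X server is not reachable over TCP on the display ports (6000-6063). The functions take `xhost` and `ss -ltn` output as string arguments so the checks run offline; the sample outputs embedded in the script are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added audit helper (not part of the OpenCVE record or the X.Org project).
# It checks the two controls the workaround depends on:
#   1. xhost access control is enabled and only local users are allowed, and
#   2. the X server is not listening on TCP (display ports 6000-6063), so it
#      can only be reached through the local Unix socket.
# Each check takes command output as a string so it runs on the constructed
# samples below; on a live host pass it "$(xhost)" and "$(ss -ltn)" instead.

# Returns 0 when access control is enabled and every allowed entry is an
# SI:localuser:<name> entry; returns 1 when access control is disabled or
# any entry names a host (INET:..., INET6:..., or a bare hostname).
xhost_is_restricted() {
    if ! printf '%s\n' "$1" | grep -q '^access control enabled'; then
        return 1
    fi
    if printf '%s\n' "$1" | sed 1d | grep -v '^[[:space:]]*$' \
            | grep -vq '^SI:localuser:'; then
        return 1
    fi
    return 0
}

# Prints the TCP ports in the X display range (6000-6063) that appear as
# listening sockets in `ss -ltn` output; prints nothing when the server
# only uses the Unix socket (the effect of Xorg's -nolisten tcp).
x_listening_tcp_ports() {
    printf '%s\n' "$1" | awk 'NR > 1 {
        n = split($4, addr, ":"); port = addr[n] + 0
        if (port >= 6000 && port <= 6063) print port
    }'
}

# Combined check: prints one line per finding and returns 0 only when xhost
# is restricted and no display port is open on TCP.
audit_x_access() {
    _xhost_out="$1"; _ss_out="$2"; _rc=0
    if xhost_is_restricted "$_xhost_out"; then
        echo "OK   xhost: access control enabled, local users only"
    else
        echo "WARN xhost: access control disabled or remote hosts allowed"
        _rc=1
    fi
    _ports=$(x_listening_tcp_ports "$_ss_out" | sort -u)
    if [ -z "$_ports" ]; then
        echo "OK   X server is not listening on TCP"
    else
        echo "WARN X server listening on TCP port(s): $(echo $_ports)"
        _rc=1
    fi
    return $_rc
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_XHOST_OK='access control enabled, only authorized clients can connect
SI:localuser:alice'
SAMPLE_XHOST_OPEN='access control enabled, only authorized clients can connect
SI:localuser:alice
INET:build-host.example.internal'
SAMPLE_XHOST_DISABLED='access control disabled, clients can connect from any host'
SAMPLE_SS_TCP='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:6000       0.0.0.0:*
LISTEN 0      128    [::]:6000          [::]:*'
SAMPLE_SS_LOCAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Demo run on the compliant samples; swap in the OPEN/TCP samples to see
# the WARN lines and a non-zero exit status.
audit_x_access "$SAMPLE_XHOST_OK" "$SAMPLE_SS_LOCAL"
```

A host that passes both checks still accepts connections from any local user holding a valid `xauth` cookie, so the script complements, rather than replaces, keeping untrusted accounts off the machine.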

Generated by OpenCVE AI on May 5, 2026 at 17:26 UTC.


Advisories

No advisories yet.

History

Wed, 06 May 2026 00:15:00 +0000

Type         Values Removed            Values Added
References
Metrics      threat_severity: None     threat_severity: Moderate


Tue, 05 May 2026 16:15:00 +0000

Type                  Values Removed   Values Added
Description                            A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service.
Title                                  Xorg: xwayland: x.org x server: information disclosure or denial of service via out-of-bounds read in xkb modifier map handling
First Time appeared                    Redhat; Redhat enterprise Linux
Weaknesses                             CWE-805
CPEs                                   cpe:/o:redhat:enterprise_linux:10
                                       cpe:/o:redhat:enterprise_linux:6
                                       cpe:/o:redhat:enterprise_linux:7
                                       cpe:/o:redhat:enterprise_linux:8
                                       cpe:/o:redhat:enterprise_linux:9
Vendors & Products                     Redhat; Redhat enterprise Linux
References
Metrics                                cvssV3_1: {'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L'}


Subscriptions

Redhat Enterprise Linux
MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-05-05T14:41:10.065Z

Reserved: 2026-03-25T04:53:13.615Z

Link: CVE-2026-34002

Vulnrichment

No data.

NVD

Status : Undergoing Analysis

Published: 2026-05-05T16:16:11.787

Modified: 2026-05-05T19:31:10.400

Link: CVE-2026-34002

Redhat

Severity : Moderate

Public Date: 2026-05-05T14:01:46Z

Links: CVE-2026-34002 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-05T17:30:06Z

Weaknesses