Description
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Published: 2026-06-05
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack-based buffer overflow in the X.Org X server and Xwayland is triggered by an unchecked key mapping request that writes past the bounds of a fixed 256‑element array. This flaw allows an attacker controlling the client request to overwrite local stack memory, potentially corrupting execution or enabling arbitrary code execution. If the X server runs with root privileges, the overflow can be used for privilege escalation; otherwise it typically results in a crash. The vulnerability is classified as CWE‑121.

Affected Systems

Red Hat Enterprise Linux releases 6 through 10 are affected because the xorg‑x11‑server and xorg‑x11‑server‑xwayland packages bundled with those distributions contain the unpatched code. Any system that runs either of those packages without the latest patch is susceptible, regardless of minor version.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, while the EPSS score is not available and the issue is not listed in the CISA KEV catalog. An attacker can trigger the failure by sending a malicious client request; local users who can talk to the X server, or remote users if the server accepts network connections, can exploit it. Successful exploitation allows an attacker to crash the server, and if the server runs as root, the overflow can be leveraged to execute code with root privileges, achieving privilege escalation. Administrators should treat this as a critical patching priority.

Generated by OpenCVE AI on June 5, 2026 at 12:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the X.Org X server to the latest patched version, e.g., install the Red Hat update that contains commit 867b59b33bee for the xorg‑x11‑server and xorg‑x11‑server‑xwayland packages.
  • If a patch is not yet available, limit the X server’s exposure by configuring it to listen only on local Unix‑domain sockets and blocking any network ports with a firewall.
  • Reconfigure the system to run the X server without elevated privileges; use a dedicated non‑privileged display manager or remove set‑uid bits so the X server process does not run as root.

Generated by OpenCVE AI on June 5, 2026 at 12:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 05 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Fri, 05 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
Description A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Title Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-121
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-05T13:00:28.347Z

Reserved: 2026-06-04T14:55:24.011Z

Link: CVE-2026-50259

cve-icon Vulnrichment

Updated: 2026-06-05T13:00:24.211Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-05T12:16:39.240

Modified: 2026-06-05T13:27:38.750

Link: CVE-2026-50259

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-02T00:00:00Z

Links: CVE-2026-50259 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T12:30:40Z

Weaknesses