Description
A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Published: 2026-06-05
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use-after-free flaw was discovered in FreeCounter() in the X.Org X Server and Xwayland. An attacker can create multiple SyncCounters from one client and then trigger their deletion via a second client connection, causing an access to freed memory. The result is either a crash of the X server or, if the server is running with elevated privileges, a privilege-escalation opportunity for the attacker.

Affected Systems

Red Hat Enterprise Linux 6, 7, 8, 9 and 10 running the bundled X.Org X Server and Xwayland components are affected by this vulnerability.

Risk and Exploitability

The flaw carries a CVSS score of 7.8, which is rated High. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. Exploitation would typically require a local or networked client able to interact with the X server, and could lead to denial of service or elevation of privilege when the X server runs as root.

Generated by OpenCVE AI on June 5, 2026 at 12:22 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the latest Red Hat security update that patches the X.Org X Server and Xwayland components for CVE‑2026‑50260.
  • If Xwayland usage is not required, disable or remove it to reduce the attack surface.
  • Configure the X server to run under a non‑privileged user account or use per‑user X server instances to mitigate the privilege escalation risk.


Advisories

No advisories yet.

History

Fri, 05 Jun 2026 12:15:00 +0000

Type | Values Removed | Values Added
References | |
Metrics | threat_severity: None | threat_severity: Important

Fri, 05 Jun 2026 11:45:00 +0000

Type | Values Removed | Values Added
Description | | A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Title | | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter()
First Time appeared | | Redhat; Redhat enterprise Linux
Weaknesses | | CWE-416
CPEs | | cpe:/o:redhat:enterprise_linux:10; cpe:/o:redhat:enterprise_linux:6; cpe:/o:redhat:enterprise_linux:7; cpe:/o:redhat:enterprise_linux:8; cpe:/o:redhat:enterprise_linux:9
Vendors & Products | | Redhat; Redhat enterprise Linux
References | |
Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-05T10:36:30.319Z

Reserved: 2026-06-04T14:55:24.011Z

Link: CVE-2026-50260

Vulnrichment

No data.

NVD

Status: Undergoing Analysis

Published: 2026-06-05T12:16:39.430

Modified: 2026-06-05T13:27:38.750

Link: CVE-2026-50260

Redhat

Severity: Important

Public Date: 2026-06-02T00:00:00Z

Links: CVE-2026-50260 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-05T12:30:40Z

Weaknesses