Description
A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Published: 2026-06-05
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a use-after-free in the SyncChangeCounter() function of the X.Org X server and Xwayland. A client that creates multiple SyncCounters can trigger the flaw when a second client connection destroys those counters while they are still being changed. The result can be a crash of the X server or, if the server runs with root privileges, privilege escalation for the malicious client. The primary impact is therefore privilege escalation where the X server runs as root, with denial of service through a crash as the secondary outcome.

Affected Systems

Affected users are those running Red Hat Enterprise Linux 6 through 10, which ship the vulnerable X.Org X server and Xwayland packages. All releases of those distributions that include the affected packages and have not yet received the latest security update are affected.

Risk and Exploitability

The CVSS score of 7.8 indicates a high-severity flaw. The EPSS score is not available, so the current exploitation probability is unknown. The vulnerability is not listed in the CISA KEV catalog, but it can be triggered by any client that can open a connection to the X server or Xwayland. If exploited, an attacker could crash the server or gain root privileges on systems where the X server runs with elevated rights. The primary attack vector is a malicious X client session, local or networked, that exercises the sync counter functionality.

Generated by OpenCVE AI on June 5, 2026 at 12:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Red Hat security update that patches the X.Org X server to eliminate the use-after-free flaw.
  • If an update cannot be applied immediately, run the X server under a non-root user or restrict its privileges to reduce the risk of privilege escalation.
  • Limit client access to the X server by configuring access controls (e.g., xhost or X server configuration) so that only trusted users can connect.


Advisories

No advisories yet.

History

Thu, 25 Jun 2026 14:00:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:/o:redhat:enterprise_linux:9
References | |

Wed, 24 Jun 2026 11:15:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:/o:redhat:enterprise_linux:8
References | |

Mon, 22 Jun 2026 08:00:00 +0000

Type | Values Removed | Values Added
CPEs | cpe:/o:redhat:enterprise_linux:10 | cpe:/o:redhat:enterprise_linux:10.2
References | |

Thu, 18 Jun 2026 04:45:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:/a:redhat:enterprise_linux:8::crb
     | | cpe:/a:redhat:enterprise_linux:9::appstream
     | | cpe:/a:redhat:enterprise_linux:9::crb
References | |

Wed, 17 Jun 2026 12:45:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:/a:redhat:enterprise_linux:8::appstream
References | |

Mon, 15 Jun 2026 14:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | X.org x Server
                    | | X.org xwayland
CPEs | | cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
     | | cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*
     | | cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
     | | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
     | | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
     | | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products | | X.org x Server
                   | | X.org xwayland

Sun, 07 Jun 2026 11:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | X.org
                    | | X.org xorg-server
Vendors & Products | | X.org
                   | | X.org xorg-server

Fri, 05 Jun 2026 13:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 05 Jun 2026 12:15:00 +0000

Type | Values Removed | Values Added
References | |
Metrics | threat_severity None | threat_severity Important


Fri, 05 Jun 2026 11:45:00 +0000

Type | Values Removed | Values Added
Description | | A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Title | | Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in SyncChangeCounter()
First Time appeared | | Redhat
                    | | Redhat enterprise Linux
Weaknesses | | CWE-416
CPEs | | cpe:/o:redhat:enterprise_linux:10
     | | cpe:/o:redhat:enterprise_linux:6
     | | cpe:/o:redhat:enterprise_linux:7
     | | cpe:/o:redhat:enterprise_linux:8
     | | cpe:/o:redhat:enterprise_linux:9
Vendors & Products | | Redhat
                   | | Redhat enterprise Linux
References | |
Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-25T13:16:27.887Z

Reserved: 2026-06-04T14:55:24.012Z

Link: CVE-2026-50261

Vulnrichment

Updated: 2026-06-05T12:38:49.241Z

NVD

Status : Analyzed

Published: 2026-06-05T12:16:39.617

Modified: 2026-06-15T13:46:01.230

Link: CVE-2026-50261

Redhat

Severity : Important

Public Date: 2026-06-02T00:00:00Z

Links: CVE-2026-50261 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-07T11:17:07Z

Weaknesses