Medium severity6.1NVD Advisory· Published May 5, 2026· Updated Jun 8, 2026
CVE-2026-34002
CVE-2026-34002
Description
A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
32cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- osv-coords25 versionspkg:apk/chainguard/xorg-serverpkg:apk/wolfi/xorg-serverpkg:rpm/opensuse/xorg-x11-server&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/xorg-x11-server&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/xorg-x11-server&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/xwayland&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/xwayland&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/xwayland&distro=openSUSE%20Tumbleweedpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/xwayland&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/xwayland&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/xwayland&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7
< 21.1.22-r0+ 24 more
- (no CPE)range: < 21.1.22-r0
- (no CPE)range: < 21.1.22-r0
- (no CPE)range: < 21.1.11-150600.5.25.1
- (no CPE)range: < 21.1.15-160000.4.1
- (no CPE)range: < 21.1.21-5.1
- (no CPE)range: < 24.1.1-150600.5.23.1
- (no CPE)range: < 24.1.6-160000.4.1
- (no CPE)range: < 24.1.9-2.1
- (no CPE)range: < 1.20.3-150400.38.68.1
- (no CPE)range: < 1.20.3-150400.38.68.1
- (no CPE)range: < 21.1.4-150500.7.46.1
- (no CPE)range: < 21.1.4-150500.7.46.1
- (no CPE)range: < 21.1.15-150700.5.16.1
- (no CPE)range: < 21.1.15-150700.5.16.1
- (no CPE)range: < 1.19.6-10.99.1
- (no CPE)range: < 1.20.3-150400.38.68.1
- (no CPE)range: < 21.1.4-150500.7.46.1
- (no CPE)range: < 21.1.11-150600.5.25.1
- (no CPE)range: < 1.20.3-150400.38.68.1
- (no CPE)range: < 21.1.4-150500.7.46.1
- (no CPE)range: < 21.1.11-150600.5.25.1
- (no CPE)range: < 1.19.6-10.99.1
- (no CPE)range: < 24.1.6-160000.4.1
- (no CPE)range: < 24.1.6-160000.4.1
- (no CPE)range: < 24.1.5-150700.3.14.1
Patches
Vulnerability mechanics
References
26- access.redhat.com/security/cve/CVE-2026-34002nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- access.redhat.com/errata/RHSA-2026:20547nvd
- access.redhat.com/errata/RHSA-2026:20555nvd
- access.redhat.com/errata/RHSA-2026:20557nvd
- access.redhat.com/errata/RHSA-2026:20558nvd
- access.redhat.com/errata/RHSA-2026:20560nvd
- access.redhat.com/errata/RHSA-2026:20561nvd
- access.redhat.com/errata/RHSA-2026:20562nvd
- access.redhat.com/errata/RHSA-2026:20563nvd
- access.redhat.com/errata/RHSA-2026:20575nvd
- access.redhat.com/errata/RHSA-2026:20576nvd
- access.redhat.com/errata/RHSA-2026:20590nvd
- access.redhat.com/errata/RHSA-2026:21699nvd
- access.redhat.com/errata/RHSA-2026:21712nvd
- access.redhat.com/errata/RHSA-2026:21715nvd
- access.redhat.com/errata/RHSA-2026:21716nvd
- access.redhat.com/errata/RHSA-2026:21718nvd
- access.redhat.com/errata/RHSA-2026:21741nvd
- access.redhat.com/errata/RHSA-2026:21742nvd
- access.redhat.com/errata/RHSA-2026:22424nvd
- access.redhat.com/errata/RHSA-2026:22456nvd
- access.redhat.com/errata/RHSA-2026:23254nvd
- access.redhat.com/errata/RHSA-2026:23255nvd
- access.redhat.com/errata/RHSA-2026:23496nvd
- access.redhat.com/errata/RHSA-2026:24341nvd
News mentions
1- ZDI-26-336: X.Org Server CheckKeyActions Out-Of-Bounds Read Information Disclosure VulnerabilityZero Day Initiative · Jun 9, 2026