CVE-2026-50258

Vulnerability

A stack-based buffer overflow flaw exists in the X.Org X server and Xwayland due to the CheckKeyTypes() function not verifying or clamping non-canonical key types to XkbMaxShiftLevel. This allows a client to set key types to excessive shift levels, triggering stack overflows. This vulnerability is an incomplete fix for CVE-2025-26597. Affected versions include xorg-x11-server up to 21.1.22 and xorg-x11-server-Xwayland up to 24.1.9 [3].

Exploitation

An attacker with the ability to connect to the X server as a client can trigger this vulnerability. By changing key types to excessive shift levels, the attacker can cause stack overflows. This requires no special privileges beyond the ability to connect to the X server [3].

Impact

Successful exploitation of this vulnerability can lead to a denial-of-service by crashing the X server. Furthermore, if the X server is running with root privileges, this flaw may be exploited for privilege escalation [3].

Mitigation

This issue has been fixed upstream in xorg-server version 21.1.23 and xwayland version 24.1.12. The fix can be found at [4]. No workarounds are mentioned in the available references, and the vulnerability is not listed as being part of the KEV catalog at this time.