High severity7.8NVD Advisory· Published Jun 5, 2026· Updated Jun 5, 2026

CVE-2026-50259

Description

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root.

Affected products

Xorg/Xserverinferred
Xorg/X serverllm-create
Xorg/Xwaylandllm-create

Patches

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

access.redhat.com/security/cve/CVE-2026-50259nvd
bugzilla.redhat.com/show_bug.cginvd
gitlab.freedesktop.org/xorg/xserver/-/commit/867b59b33bee669cb412f1314e47c52eacf6e00bnvd
lists.x.org/archives/xorg-announce/2026-June/003702.htmlnvd
redhat.atlassian.net/browse/PSIRTSUPT-16950nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000