CVE-2026-50256
Published 2026-06-05
Priority P3 · 48 · high · 7.8 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.16% (5.3th percentile)
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks. This may be used to crash the server, or for privilege escalation if the X server runs as root.
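The bounds check that the description says is missing, as an added illustration in C. This is not the X server's code or the upstream fix: `copy_alias_target`, `resolve_alias` and the macro names are hypothetical, the input is constructed, and only the 256 and 1024 byte sizes come from the advisory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SERVER_NAME_BUF 256   /* caller's stack buffer size, per the advisory */
#define LIB_ALIAS_MAX   1024  /* library's alias target limit, per the advisory */

/* Hypothetical helper: copy src into dst only when it fits with its NUL.
 * Returns 0 on success, -1 when the name is rejected. */
int copy_alias_target(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    if (src_len >= dst_size)      /* no room for the terminator: reject */
        return -1;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return 0;
}

/* Hypothetical caller modelling alias resolution: the library side may hand
 * back a name of up to LIB_ALIAS_MAX - 1 bytes, the caller holds 256 bytes.
 * Returns the resolved length, or -1 when the name is refused. */
int resolve_alias(size_t alias_len)
{
    char library_name[LIB_ALIAS_MAX];   /* constructed sample alias target */
    char resolved[SERVER_NAME_BUF];

    if (alias_len >= sizeof(library_name))
        return -1;
    memset(library_name, 'a', alias_len);
    library_name[alias_len] = '\0';

    /* Size the copy by the destination, never by the library's own limit. */
    if (copy_alias_target(resolved, sizeof(resolved), library_name, alias_len) != 0)
        return -1;
    return (int)strlen(resolved);
}

int main(void)
{
    size_t lens[] = { 255, 256, 257, 1023 };
    for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++)
        printf("alias length %zu -> %d\n", lens[i], resolve_alias(lens[i]));
    return 0;
}
```

Where both limits are visible at build time, a C11 `_Static_assert` comparing the caller's buffer size with the library's maximum turns this kind of mismatch into a compile error.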
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| the_x.org_foundation | xorg-x11-server | — | — |
| x.org | x_server | < 21.1.23 | 21.1.23 |
| x.org | xwayland | < 24.1.12 | 24.1.12 |
CVSS provenance
nvd · v3.1 · 7.8 HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat · 7.8 HIGH
VulDB
X.org X11 Server stack-based overflow (Nessus ID 318749 / WID-SEC-2026-1774)
vuldb·2026-06-06·CVSS 7.8
CVE-2026-50256 [HIGH] X.org X11 Server stack-based overflow (Nessus ID 318749 / WID-SEC-2026-1774)
A vulnerability was found in X.org X11 Server and classified as critical. Impacted is an unknown function. Executing a manipulation can lead to stack-based buffer overflow.
This vulnerability is registered as CVE-2026-50256. The attack needs to be launched locally. No exploit is available.
GHSA
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland.
ghsa_unreviewed·2026-06-05
CVE-2026-50256 [HIGH] CWE-121 A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland.
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Red Hat
xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch
vendor_redhat·2026-06-02·CVSS 7.8
CVE-2026-50256 [HIGH] CWE-121 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Package: xorg-x11-server-Xwayland (Red Hat Enterprise Linux 10) - Affected
Package: x
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-50256 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch
bugzilla·2026-06-05·CVSS 7.8
CVE-2026-50256 [HIGH] CVE-2026-50256 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch
A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks.
Any X client that can connect to the server can trigger this issue. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Components affected: xorg-x11-server, xorg-x11-server-Xwayland
Versions affected: x
Rapid7
Patch Tuesday - June 2026
blogs_rapid7·2026-06-09·CVSS 7.8
CVE-2026-33825 [HIGH] Patch Tuesday - June 2026
Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday, however several of last month’s vulnerabilities ended up on CISA KEV in the days following their publication. So far this month, Microsoft has provided patches to address 360 browser vulnerabilities, which is an order of magnitude more than has been typical in any given month over the past few years. As usual, browser vulns are not included in the Patch Tuesday count above. Indeed, the vast, and presumably sustained, uptick in the number of browser vulnerabilities has led to Microsoft no longer enumerating Chromium CVEs in the Security Update G
https://access.redhat.com/errata/RHSA-2026:26562
https://access.redhat.com/errata/RHSA-2026:26566
https://access.redhat.com/errata/RHSA-2026:26590
https://access.redhat.com/errata/RHSA-2026:26610
https://access.redhat.com/errata/RHSA-2026:26709
https://access.redhat.com/errata/RHSA-2026:28923
https://access.redhat.com/errata/RHSA-2026:29844
https://access.redhat.com/security/cve/CVE-2026-50256
https://bugzilla.redhat.com/show_bug.cgi?id=2485380
https://gitlab.freedesktop.org/xorg/xserver/-/commit/bb5158f962dc935e58ef8b4b5fcb31be201a6e07
https://lists.x.org/archives/xorg-announce/2026-June/003702.html
https://redhat.atlassian.net/browse/PSIRTSUPT-16950
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-50256.json