CVE-2026-50259
published 2026-06-05CVE-2026-50259: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed…
PriorityP348high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.17%
6.0th percentile
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| the_x.org_foundation | xorg-x11-server | — | — |
| x.org | x_server | < 21.1.23 | 21.1.23 |
| x.org | xwayland | < 24.1.12 | 24.1.12 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
X.org X11 Server _XkbSetMapChecks stack-based overflow (EUVD-2026-34814 / Nessus ID 318750)
vuldb·2026-06-06·CVSS 7.8
CVE-2026-50259 [HIGH] X.org X11 Server _XkbSetMapChecks stack-based overflow (EUVD-2026-34814 / Nessus ID 318750)
A vulnerability was found in X.org X11 Server. It has been rated as critical. This affects the function _XkbSetMapChecks. This manipulation causes stack-based buffer overflow.
This vulnerability appears as CVE-2026-50259. The attack requires local access. There is no available exploit.
Upgrading the affected component is advised.
GHSA
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland.
ghsa_unreviewed·2026-06-05
CVE-2026-50259 [HIGH] CWE-121 A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland.
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Red Hat
xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB SetMap request via mapWidths indexing
vendor_redhat·2026-06-02·CVSS 7.8
CVE-2026-50259 [HIGH] CWE-121 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB SetMap request via mapWidths indexing
xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB SetMap request via mapWidths indexing
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Package: xorg-x11-server-Xwayland (Red Hat Enterprise Linux 10) - Affected
Package: xorg-x11-server (Red Hat Enterprise Linux 6) - Out of support scope
Package: xorg-x11-server (Red Hat Enterprise Linux 7) - Affected
Package: xorg-x11-server (Red Hat Enterprise Linux 8) -
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-50259 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB SetMap request via mapWidths indexing
bugzilla·2026-06-05·CVSS 7.8
CVE-2026-50259 [HIGH] CVE-2026-50259 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB SetMap request via mapWidths indexing
CVE-2026-50259 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB SetMap request via mapWidths indexing
_XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow.
Any X client that can connect to the server can trigger this issue. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Components affected: xorg-x11-server, xorg-x11-server-Xwayland
Versions affected: xorg-x11-server <= 21.1.22, xorg-x11-server-Xwayland <= 24.1.9
Fixed upstream in xorg-server-21.1.23 and xwayland-24.1.12.
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/867b59b3
Rapid7
Patch Tuesday - June 2026
blogs_rapid7·2026-06-09·CVSS 7.8
CVE-2026-33825 [HIGH] Patch Tuesday - June 2026
Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday . Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday, however several of last month’s vulnerabilities ended up on CISA KEV in the days following their publication. So far this month, Microsoft has provided patches to address 360 browser vulnerabilities, which is an order of magnitude more than has been typical in any given month over the past few years. As usual, browser vulns are not included in the Patch Tuesday count above. Indeed, the vast, and presumably sustained, uptick in the number of browser vulnerabilities has led to Microsoft no longer enumerating Chromium CVEs in the Security Update G
https://access.redhat.com/errata/RHSA-2026:26562https://access.redhat.com/errata/RHSA-2026:26566https://access.redhat.com/errata/RHSA-2026:26590https://access.redhat.com/errata/RHSA-2026:26610https://access.redhat.com/errata/RHSA-2026:26709https://access.redhat.com/errata/RHSA-2026:28923https://access.redhat.com/errata/RHSA-2026:29844https://access.redhat.com/security/cve/CVE-2026-50259https://bugzilla.redhat.com/show_bug.cgi?id=2485384https://gitlab.freedesktop.org/xorg/xserver/-/commit/867b59b33bee669cb412f1314e47c52eacf6e00bhttps://lists.x.org/archives/xorg-announce/2026-June/003702.htmlhttps://redhat.atlassian.net/browse/PSIRTSUPT-16950https://access.redhat.com/errata/RHSA-2026:26562https://access.redhat.com/errata/RHSA-2026:26566https://access.redhat.com/errata/RHSA-2026:26590https://access.redhat.com/errata/RHSA-2026:26610https://access.redhat.com/errata/RHSA-2026:26709https://access.redhat.com/errata/RHSA-2026:28923https://access.redhat.com/errata/RHSA-2026:29844https://access.redhat.com/security/cve/CVE-2026-50259https://bugzilla.redhat.com/show_bug.cgi?id=2485384https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-50259.json
2026-06-05
Published