CVE-2026-50260
Published 2026-06-05
Priority P345 · high · 7.8 · CVSS 3.1
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.15% (4.9th percentile)
A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| the_x.org_foundation | xorg-x11-server | — | — |
| x.org | x_server | < 21.1.23 | 21.1.23 |
| x.org | xwayland | < 24.1.12 | 24.1.12 |
CVSS provenance
nvd · v3.1 · 7.8 HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat · 7.8 HIGH
VulDB
X.org X11 Server FreeCounter use after free (EUVD-2026-34816 / Nessus ID 318742)
vuldb·2026-06-06·CVSS 7.8
CVE-2026-50260 [HIGH] X.org X11 Server FreeCounter use after free (EUVD-2026-34816 / Nessus ID 318742)
A vulnerability categorized as critical has been discovered in X.org X11 Server. This impacts the function FreeCounter. Such manipulation leads to use after free.
This vulnerability is traded as CVE-2026-50260. An attack has to be approached locally. There is no exploit available.
GHSA
A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter().
ghsa_unreviewed·2026-06-05
CVE-2026-50260 [HIGH] CWE-416 A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter().
A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Red Hat
xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter()
vendor_redhat·2026-06-02·CVSS 7.8
CVE-2026-50260 [HIGH] CWE-416 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter()
A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Package: xorg-x11-server-Xwayland (Red Hat Enterprise Linux 10) - Affected
Package: xorg-x11-server (Red Hat Enterprise Linux 6) - Out of support scope
Package: xorg-x11-server (Red Hat Enterprise Linux 7) - Affected
Package: xorg-x11-server (Red Hat Enterprise Linux 8) - Affected
Package: xorg-x11-server-Xwayland (Red Hat Enterprise Linux 8) - Affected
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-50260 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter()
bugzilla·2026-06-05·CVSS 7.8
CVE-2026-50260 [HIGH] CVE-2026-50260 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter()
A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection in FreeCounter().
Any X client that can connect to the server can trigger this issue. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Components affected: xorg-x11-server, xorg-x11-server-Xwayland
Versions affected: xorg-x11-server <= 21.1.22, xorg-x11-server-Xwayland <= 24.1.9
Fixed upstream in xorg-server-21.1.23 and xwayland-24.1.12.
Fix: https://gitlab.freedesktop.org/xorg/xserver/-/commit/f5abfb61994471023d8c6470428c8e30c411cc0b
Reported via ZDI-CAN-30163 (Trend Micr
Rapid7
Patch Tuesday - June 2026
blogs_rapid7·2026-06-09·CVSS 7.8
CVE-2026-33825 [HIGH] Patch Tuesday - June 2026
Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday, however several of last month’s vulnerabilities ended up on CISA KEV in the days following their publication. So far this month, Microsoft has provided patches to address 360 browser vulnerabilities, which is an order of magnitude more than has been typical in any given month over the past few years. As usual, browser vulns are not included in the Patch Tuesday count above. Indeed, the vast, and presumably sustained, uptick in the number of browser vulnerabilities has led to Microsoft no longer enumerating Chromium CVEs in the Security Update G
https://access.redhat.com/errata/RHSA-2026:26562
https://access.redhat.com/errata/RHSA-2026:26566
https://access.redhat.com/errata/RHSA-2026:26590
https://access.redhat.com/errata/RHSA-2026:26610
https://access.redhat.com/errata/RHSA-2026:26709
https://access.redhat.com/errata/RHSA-2026:28923
https://access.redhat.com/errata/RHSA-2026:29844
https://access.redhat.com/security/cve/CVE-2026-50260
https://bugzilla.redhat.com/show_bug.cgi?id=2485385
https://gitlab.freedesktop.org/xorg/xserver/-/commit/f5abfb61994471023d8c6470428c8e30c411cc0b
https://lists.x.org/archives/xorg-announce/2026-June/003702.html
https://redhat.atlassian.net/browse/PSIRTSUPT-16950
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-50260.json