CVE Catalog

CVE-2026-50262

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile - higher than 3% of all known CVEs

Summary

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.

Risk Assessment

The risk involves potential leakage of sensitive data from the X server memory, which could allow an attacker to remotely obtain information about the system or other users.

Recommendation

It is recommended to immediately update the X.Org X server and Xwayland to the latest patched version. Consider temporarily disabling unnecessary GLX features if an update is not possible.

Original NVD description (English source)

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS