CVE-2026-50263
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk4th percentile - higher than 4% of all known CVEs
Summary
A use-after-free vulnerability was found in the X.Org X server and Xwayland in the CreateSaverWindow() function. A client can trigger a use-after-free read by changing window attributes and forcing the screen saver, leading to information disclosure.
Risk Assessment
The risk involves potential leakage of sensitive data from the X server memory, which could allow an attacker to access information from other processes or users.
Recommendation
Immediately update the X.Org server and Xwayland to the latest patched version. If an update is not possible, restrict X server access to trusted clients only.
Original NVD description (English source)
A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.

