CVE Catalog

CVE-2026-50263

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile - higher than 4% of all known CVEs

Summary

A use-after-free vulnerability was found in the X.Org X server and Xwayland in the CreateSaverWindow() function. A client can trigger a use-after-free read by changing window attributes and forcing the screen saver, leading to information disclosure.

Risk Assessment

The risk involves potential leakage of sensitive data from the X server memory, which could allow an attacker to access information from other processes or users.

Recommendation

Immediately update the X.Org server and Xwayland to the latest patched version. If an update is not possible, restrict X server access to trusted clients only.

Original NVD description (English source)

A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS