PatchSiren cyber security CVE debrief

CVE-2026-33999 Red Hat CVE debrief

A HIGH severity integer underflow vulnerability in the X.Org X server's XKB compatibility map handling allows attackers with local or remote X11 server access to trigger buffer read overruns, potentially causing denial of service or memory-safety violations. The vulnerability was published on 2026-04-23 and last modified on 2026-05-20. Multiple Red Hat Security Advisories have been issued addressing this flaw across various product versions.

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-23
Original CVE updated: 2026-05-20
Advisory published: 2026-04-23
Advisory updated: 2026-05-20

Who should care

Organizations running X.Org X server deployments, particularly those enabling remote X11 access or multi-user environments with XKB functionality. System administrators managing Red Hat Enterprise Linux and derivative distributions should prioritize patch deployment given the multiple RHSA advisories issued.

Technical summary

CVE-2026-33999 is an integer underflow vulnerability (CWE-191) in the X.Org X server's XKB (X Keyboard Extension) compatibility map handling code. The flaw occurs when processing XKB compatibility map data, where an integer underflow can lead to a buffer read overrun. An attacker with local or remote access to an X11 server can exploit this to trigger memory-safety violations. The vulnerability has a CVSS 3.1 score of 7.8 (HIGH) with attack vector LOCAL, low attack complexity, low privileges required, and no user interaction needed, resulting in high impacts to confidentiality, integrity, and availability. Red Hat has issued multiple security advisories (RHSA-2026:10739, RHSA-2026:11352, RHSA-2026:11369, RHSA-2026:11388, RHSA-2026:11656, RHSA-2026:11692, RHSA-2026:13414, and others) indicating active remediation across their product portfolio. The CVE was published on 2026-04-23 and last modified on 2026-05-20.
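
The bug class described above, integer underflow in a length computation that then lets a later bounds check pass, is easy to see in a small constructed parser. This is an added illustration, not the X.Org server's code: the header layout, the SymInterpret entry size and the request values are all made up, and it only mirrors the X11 convention that request lengths are counted in 4-byte units and include the header.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed header for an XKB-style compat-map request. As in real X11
 * requests, length counts 4-byte units and includes the header itself.
 * This illustrates the bug class only; it is not the xserver's wire format. */
#define HDR_UNITS 2          /* header occupies 2 units (8 bytes) */
#define SYM_INTERP_BYTES 16  /* constructed size of one SymInterpret entry */

typedef struct {
    uint16_t length;  /* claimed total length in 4-byte units */
    uint16_t nSI;     /* claimed number of SymInterpret entries that follow */
} CompatReqHdr;

/* Vulnerable pattern: the header size is subtracted before anyone checks
 * that length is at least HDR_UNITS. A client-controlled length of 0 or 1
 * wraps the unsigned arithmetic, "payload" becomes huge, the entry-count
 * check passes, and the server later reads nSI entries past the end of the
 * request buffer (CWE-191 leading to a buffer read overrun). */
bool compat_req_ok_vulnerable(const CompatReqHdr *h) {
    uint16_t payload_units = (uint16_t)(h->length - HDR_UNITS);  /* wraps */
    size_t payload_bytes = (size_t)payload_units * 4;
    return (size_t)h->nSI * SYM_INTERP_BYTES <= payload_bytes;
}

/* Hardened form: reject any request shorter than its own header before
 * doing the subtraction, so the remaining-payload computation cannot wrap. */
bool compat_req_ok_fixed(const CompatReqHdr *h) {
    if (h->length < HDR_UNITS)
        return false;
    size_t payload_bytes = ((size_t)h->length - HDR_UNITS) * 4;
    return (size_t)h->nSI * SYM_INTERP_BYTES <= payload_bytes;
}

int main(void) {
    /* Constructed inputs: a well-formed request carrying 3 entries
     * (3 * 4 units + 2 header units = 14) and a malformed one that claims
     * 100 entries inside a request shorter than its own header. */
    CompatReqHdr good = { .length = 14, .nSI = 3 };
    CompatReqHdr bad  = { .length = 1,  .nSI = 100 };
    printf("good: vulnerable=%d fixed=%d\n",
           compat_req_ok_vulnerable(&good), compat_req_ok_fixed(&good));
    printf("bad:  vulnerable=%d fixed=%d\n",
           compat_req_ok_vulnerable(&bad), compat_req_ok_fixed(&bad));
    return 0;
}
```

The vulnerable check accepts the malformed request while the hardened one rejects it; the same "validate before subtracting" rule is what a patch for this kind of flaw typically adds.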

Defensive priority

HIGH

Recommended defensive actions

  • Apply relevant Red Hat Security Advisory patches as they become available for your product versions
  • Restrict X11 server access to trusted hosts and users where patching is not immediately feasible
  • Monitor X server logs for anomalous XKB-related activity
  • Review network segmentation to limit remote X11 exposure
  • Validate X.Org X server version against vendor security bulletins

Evidence notes

CVE description confirms integer underflow in XKB compatibility map handling with CVSS 7.8 (HIGH). CWE-191 (Integer Underflow) identified by Red Hat. Multiple RHSA errata published indicating active remediation across Red Hat product portfolio.
