PatchSiren cyber security CVE debrief
CVE-2026-50262 Red Hat CVE debrief
CVE-2026-50262 is a medium-severity vulnerability in the X.Org X server and Xwayland. An out-of-bounds read flaw was found in __glXDisp_ChangeDrawableAttributes, allowing a client-controlled number of bytes to be read, exceeding the request buffer, and leading to information disclosure. A write path also exists but requires byte-swapped clients, which is disabled by default. The vulnerability has a CVSS score of 5.5 and was published on 2026-06-05T12:16:39.770Z.
- Vendor
- Red Hat
- Product
- Red Hat Enterprise Linux 10
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-05
Who should care
Users of X.Org X server and Xwayland should apply patches to mitigate this vulnerability.
Technical summary
The vulnerability is caused by a wrong size validation check in __glXDisp_ChangeDrawableAttributes, allowing an out-of-bounds read. This can lead to information disclosure.
Defensive priority
medium
Recommended defensive actions
- Apply patches from vendors like Red Hat
- Review and update X.Org X server and Xwayland installations
Evidence notes
Vendor and product information is still being gathered. Red Hat is likely affected.
Official resources
CVE-2026-50262 was published on 2026-06-05T12:16:39.770Z and modified on 2026-06-05T13:27:38.750Z.