PatchSiren cyber security CVE debrief
CVE-2026-50263 Red Hat CVE debrief
A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure. This vulnerability has a CVSS score of 5.5 and a severity of MEDIUM.
- Vendor: Red Hat
- Product: Red Hat Enterprise Linux 10
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-05
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-05
- Advisory updated: 2026-06-11
Who should care
Users of X.Org X server and Xwayland should be aware of this vulnerability. Specifically, users of Red Hat Enterprise Linux 7, 8, 9, and 10 may be affected.
Technical summary
The vulnerability is caused by a use-after-free flaw in the CreateSaverWindow() function. This flaw allows a client to trigger a use-after-free read, potentially leading to information disclosure.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply the patches provided by the vendor.
- Restrict access to the X server and Xwayland.
- Monitor for suspicious activity.
Evidence notes
The CVE record and NVD detail pages provide additional information about this vulnerability.
Official resources
- CVE-2026-50263 CVE record (CVE.org)
- CVE-2026-50263 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: Third Party Advisory
- Mitigation or vendor reference: Issue Tracking, Third Party Advisory
- Mitigation or vendor reference: Patch
- Mitigation or vendor reference: Mailing List, Vendor Advisory
- Source reference: Permissions Required
CVE-2026-50263 was published on 2026-06-05T12:16:39.927Z and modified on 2026-06-11T19:46:41.940Z.