UAF in X.Org X Server XWayland SyncChangeCounter()
CVE-2026-50261 Published on June 5, 2026

Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()
A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-50261 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Timeline

Reported to Red Hat.

Made public. 18 days later.

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2026-50261 has been classified to as a Dangling pointer vulnerability or weakness.


Products Associated with CVE-2026-50261

Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.

 
 
 
 

Affected Versions

Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 7 Extended Lifecycle Support: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9: Red Hat Enterprise Linux 9: Red Hat Enterprise Linux 9: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions: Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions: Red Hat Enterprise Linux 9.6 Extended Update Support: Red Hat Enterprise Linux 6: Red Hat Enterprise Linux 6: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux Server (v. 7 ELS): Red Hat Enterprise Linux Server Optional (v. 7 ELS): Red Hat Enterprise Linux AppStream (v. 10): Red Hat Enterprise Linux AppStream (v. 8): Red Hat Enterprise Linux AppStream E4S (v.9.2): Red Hat Enterprise Linux AppStream E4S (v.9.4): Red Hat Enterprise Linux AppStream EUS (v.9.6): Red Hat Enterprise Linux AppStream (v. 9): Red Hat Enterprise Linux CodeReady Linux Builder (v. 10): Red Hat Enterprise Linux CRB (v. 8): Red Hat CodeReady Linux Builder EUS (v.9.6): Red Hat Enterprise Linux CodeReady Linux Builder (v. 9): Red Hat Enterprise Linux 6: Red Hat Enterprise Linux 7:

Exploit Probability

EPSS
0.19%
Percentile
9.00%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.