X.Org X Server AAF in CreateSaverWindow() (Xwayland)
CVE-2026-50263 Published on June 5, 2026
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow()
A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.
Vulnerability Analysis
CVE-2026-50263 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Timeline
Reported to Red Hat.
Made public. 18 days later.
Weakness Type
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2026-50263 has been classified to as a Dangling pointer vulnerability or weakness.
Products Associated with CVE-2026-50263
Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.
Affected Versions
Red Hat Enterprise Linux 10:- Version 0:24.1.9-4.el10_2.2 and below * is unaffected.
- Version 0:24.1.5-6.el10_0.1 and below * is unaffected.
- Version 0:1.20.4-35.el7_9 and below * is unaffected.
- Version 0:21.1.3-20.el8_10.2 and below * is unaffected.
- Version 0:1.20.11-28.el8_10.2 and below * is unaffected.
- Version 0:1.15.0-10.el8_10 and below * is unaffected.
- Version 0:1.20.10-5.el8_4 and below * is unaffected.
- Version 0:1.20.10-5.el8_4 and below * is unaffected.
- Version 0:1.20.11-8.el8_6 and below * is unaffected.
- Version 0:1.20.11-8.el8_6 and below * is unaffected.
- Version 0:1.20.11-19.el8_8 and below * is unaffected.
- Version 0:1.20.11-19.el8_8 and below * is unaffected.
- Version 0:24.1.9-4.el9_8.2 and below * is unaffected.
- Version 0:1.20.11-34.el9_8.2 and below * is unaffected.
- Version 0:1.15.0-7.el9_8.2 and below * is unaffected.
- Version 0:1.20.11-21.el9_2 and below * is unaffected.
- Version 0:21.1.3-10.el9_2.1 and below * is unaffected.
- Version 0:1.20.11-29.el9_4 and below * is unaffected.
- Version 0:22.1.9-8.el9_4.1 and below * is unaffected.
- Version 0:1.20.11-34.el9_6 and below * is unaffected.
- Version 0:23.2.7-6.el9_6.1 and below * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.