Heap UAF in xorg-server/xwayland <21.2.24/24.1.13 via GLX commit
CVE-2026-56000 Published on July 8, 2026

xorg-x11-server / xwayland GLX contextTags Use-After-Free in CommonMakeCurrent()
Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into potentially reallocated memory.

Vendor Advisory NVD

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2026-56000 has been classified to as a Dangling pointer vulnerability or weakness.


Products Associated with CVE-2026-56000

stack.watch emails you whenever new vulnerabilities are published in Xorg X11 or Xorg Xwayland. Just hit a watch button to start following.

 
 

Affected Versions

X.Org xorg-x11-server: X.Org xwayland: