Heap UAF in xorg-server/xwayland <21.2.24/24.1.13 via GLX commit
CVE-2026-56000 Published on July 8, 2026
xorg-x11-server / xwayland GLX contextTags Use-After-Free in CommonMakeCurrent()
Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into potentially reallocated memory.
Weakness Type
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2026-56000 has been classified to as a Dangling pointer vulnerability or weakness.
Products Associated with CVE-2026-56000
stack.watch emails you whenever new vulnerabilities are published in Xorg X11 or Xorg Xwayland. Just hit a watch button to start following.
Affected Versions
X.Org xorg-x11-server:- Before 21.1.24 is affected.
- Before 24.1.13 is affected.