CVE-2026-50260 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Debian Releases

Debian Product

Codename

xorg-server

bookworm	vulnerable
bookworm (security)	vulnerable
bullseye	vulnerable
bullseye (security)	vulnerable
forky	vulnerable
sid	2:21.1.23-1 fixed
trixie	vulnerable
trixie (security)	vulnerable

xwayland

bookworm	ignored
forky	vulnerable
sid	2:24.1.12-1 fixed
trixie	ignored

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Vulnerability Media Exposure

[GERMAN] X.Org X11 und Xwayland: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in X.Org X11 und Xwayland ausnutzen, um Informationen offenzulegen, um seine Privilegien zu erhöhen, um einen Denial of Service Angriff durchzuführen, und um einen nicht näher spezifizierten Angriff durchzuführen.
Published: 2026-06-01T22:00:00+00:00

References

https://access.redhat.com/security/cve/CVE-2026-50260

https://bugzilla.redhat.com/show_bug.cgi?id=2485385

https://gitlab.freedesktop.org/xorg/xserver/-/commit/f5abfb61994471023d8c6470428c8e30c411cc0b

https://lists.x.org/archives/xorg-announce/2026-June/003702.html

https://redhat.atlassian.net/browse/PSIRTSUPT-16950