CVE-2026-50264 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Debian Releases

Debian Product

Codename

xorg-server

bookworm	vulnerable
bookworm (security)	vulnerable
bullseye	vulnerable
bullseye (security)	vulnerable
forky	vulnerable
sid	2:21.1.23-1 fixed
trixie	vulnerable
trixie (security)	vulnerable

xwayland

bookworm	ignored
forky	vulnerable
sid	2:24.1.12-1 fixed
trixie	ignored

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

Vulnerability Media Exposure

[GERMAN] X.Org X11 und Xwayland: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in X.Org X11 und Xwayland ausnutzen, um Informationen offenzulegen, um seine Privilegien zu erhöhen, um einen Denial of Service Angriff durchzuführen, und um einen nicht näher spezifizierten Angriff durchzuführen.
Published: 2026-06-01T22:00:00+00:00

References

https://access.redhat.com/security/cve/CVE-2026-50264

https://bugzilla.redhat.com/show_bug.cgi?id=2485389

https://gitlab.freedesktop.org/xorg/xserver/-/commit/339c279514326134b0878fc23ce6e9520440ce7f

https://lists.x.org/archives/xorg-announce/2026-June/003702.html

https://redhat.atlassian.net/browse/PSIRTSUPT-16950