HIGHVulnerability
Verified
Global

NVD HIGH: CVE-2026-50256 — A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland....

·Source: NIST NVD

Updated:

Executive Summary

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to c

Analysis

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks. This may be used to crash the server, or for privilege escalation if the X server runs as root. CVSS Score: 7.8. Published: 2026-06-05T12:16:38.727.

Indicators of Compromise (1)

CVE (1)
CVE-2026-50256
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on Jun 5, 2026. Verified by: NIST.

Related Threats

CRITICALVulnerabilityNEW

Ivanti Sentry Exploitation Attempts Hitting Honeypots

The critical-severity OS command injection vulnerability allows attackers to execute arbitrary code with root privileges. The post Ivanti Sentry Exploitation Attempts Hitting Honeypots appeared first on SecurityWeek .

SecurityWeek
MEDIUMVulnerabilityNEW

Investor Pointe launches, designed to help private markets firms serve more investors

Investor Pointe launches today as a technology and services company built to unify how private markets firms operate. The company unites an AI-enabled platform, a specialist services team, and a portfolio of tailored solutions to support private markets firms throughout the entire investor lifecycle, from fund design and fundraising through to investor servicing, reporting, and data optimisation.

Finextra
CRITICALVulnerability

Chrome 149 Update Patches 28 Vulnerabilities

The browser refresh resolved critical and high-severity security defects, including a dozen use-after-free bugs. The post Chrome 149 Update Patches 28 Vulnerabilities appeared first on SecurityWeek .

SecurityWeek