NVD HIGH: CVE-2026-50257 — A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDest...

Friday, June 5, 2026 at 12:16 PM UTC·Source: NIST NVD

Updated: Thursday, June 11, 2026 at 07:00 AM UTC

Executive Summary

A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection destroys the fence, causing the use-after-free. This may be used to crash the server, or for privileg

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-50257

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on Jun 5, 2026. Verified by: NIST.

Related Threats

CRITICALVulnerabilityNEW

Ivanti Sentry Exploitation Attempts Hitting Honeypots

The critical-severity OS command injection vulnerability allows attackers to execute arbitrary code with root privileges. The post Ivanti Sentry Exploitation Attempts Hitting Honeypots appeared first on SecurityWeek .

54m agoSecurityWeek

MEDIUMVulnerabilityNEW

Investor Pointe launches, designed to help private markets firms serve more investors

Investor Pointe launches today as a technology and services company built to unify how private markets firms operate. The company unites an AI-enabled platform, a specialist services team, and a portfolio of tailored solutions to support private markets firms throughout the entire investor lifecycle, from fund design and fundraising through to investor servicing, reporting, and data optimisation.

58m agoFinextra

CRITICALVulnerability

Chrome 149 Update Patches 28 Vulnerabilities

The browser refresh resolved critical and high-severity security defects, including a dozen use-after-free bugs. The post Chrome 149 Update Patches 28 Vulnerabilities appeared first on SecurityWeek .

1h agoSecurityWeek