NVD HIGH: CVE-2026-50258 — A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland....

Friday, June 5, 2026 at 12:16 PM UTC·Source: NIST NVD

Updated: Thursday, June 11, 2026 at 08:00 AM UTC

Executive Summary

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift levels and trigger stack overflows. This is caused by an incomplete fix of CVE-2025-26597. This may

Analysis

Indicators of Compromise (2)

CVE (2)

CVE-2025-26597

NVD MITRE CVE

CVE-2026-50258

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on Jun 5, 2026. Verified by: NIST.

Related Threats

CRITICALVulnerabilityNEW

Ivanti Sentry Exploitation Attempts Hitting Honeypots

The critical-severity OS command injection vulnerability allows attackers to execute arbitrary code with root privileges. The post Ivanti Sentry Exploitation Attempts Hitting Honeypots appeared first on SecurityWeek .

54m agoSecurityWeek

MEDIUMVulnerabilityNEW

Investor Pointe launches, designed to help private markets firms serve more investors

Investor Pointe launches today as a technology and services company built to unify how private markets firms operate. The company unites an AI-enabled platform, a specialist services team, and a portfolio of tailored solutions to support private markets firms throughout the entire investor lifecycle, from fund design and fundraising through to investor servicing, reporting, and data optimisation.

59m agoFinextra

CRITICALVulnerability

Chrome 149 Update Patches 28 Vulnerabilities

The browser refresh resolved critical and high-severity security defects, including a dozen use-after-free bugs. The post Chrome 149 Update Patches 28 Vulnerabilities appeared first on SecurityWeek .

1h agoSecurityWeek