NVD HIGH: CVE-2026-50260 — A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounte...

Friday, June 5, 2026 at 12:16 PM UTC·Source: NIST NVD

Updated: Thursday, June 11, 2026 at 08:00 AM UTC

Executive Summary

A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root.

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-50260

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on Jun 5, 2026. Verified by: NIST.

Related Threats

CRITICALVulnerabilityNEW

Ivanti Sentry Exploitation Attempts Hitting Honeypots

The critical-severity OS command injection vulnerability allows attackers to execute arbitrary code with root privileges. The post Ivanti Sentry Exploitation Attempts Hitting Honeypots appeared first on SecurityWeek .

54m agoSecurityWeek

MEDIUMVulnerabilityNEW

Investor Pointe launches, designed to help private markets firms serve more investors

Investor Pointe launches today as a technology and services company built to unify how private markets firms operate. The company unites an AI-enabled platform, a specialist services team, and a portfolio of tailored solutions to support private markets firms throughout the entire investor lifecycle, from fund design and fundraising through to investor servicing, reporting, and data optimisation.

59m agoFinextra

CRITICALVulnerability

Chrome 149 Update Patches 28 Vulnerabilities

The browser refresh resolved critical and high-severity security defects, including a dozen use-after-free bugs. The post Chrome 149 Update Patches 28 Vulnerabilities appeared first on SecurityWeek .

1h agoSecurityWeek