CVE-2026-50263

MEDIUM

A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.

CVSS v3.1 Score

5.5
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
LOCAL
Complexity
LOW
Privileges
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE
Published: 6/5/2026Modified: 6/11/2026

Related Intelligence (1)

CRITICALZero Day

Patch Tuesday - June 2026

Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday . Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday, however several of last month’s vulnerabilities ended up on CISA KEV in the days following their publication. So far this month, Microsoft has provide

CVE-2026-33825CVE-2026-45585
Rapid7

References (5)

https://access.redhat.com/security/cve/CVE-2026-50263Third Party Advisoryhttps://bugzilla.redhat.com/show_bug.cgi?id=2485388Issue TrackingThird Party Advisoryhttps://gitlab.freedesktop.org/xorg/xserver/-/commit/ecc634f1b2f7aa473d3a267eada98c4918bf9e05Patchhttps://lists.x.org/archives/xorg-announce/2026-June/003702.htmlMailing ListVendor Advisoryhttps://redhat.atlassian.net/browse/PSIRTSUPT-16950Permissions Required