CVE-2026-50259 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing

🗓️ 05 Jun 2026 10:31:39Reported by redhatType

Stack overflow in X.Org X server via XkbSetMapChecks writes to mapWidths with client offset, risking crash or privilege escalation.

Reporter	Title	Published	Views	Family All 28
FreeBSD	xwayland -- Multiple vulnerabilities	1 Jun 202600:00	–	freebsd
FreeBSD	xorg-server -- Multiple vulnerabilities	1 Jun 202600:00	–	freebsd
ATTACKERKB	CVE-2026-50259	5 Jun 202610:31	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : xorg-x11-server-Xwayland, xorg-x11-server-Xwayland-devel (ALAS2023-2026-1789)	8 Jun 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : xorg-x11-server-common, xorg-x11-server-devel, xorg-x11-server-source (ALAS2023-2026-1790)	8 Jun 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : xorg-x11-server, --advisory ALAS2-2026-3336 (ALAS-2026-3336)	8 Jun 202600:00	–	nessus
Tenable Nessus	FreeBSD : xwayland -- Multiple vulnerabilities (36cb0ced-5e23-11f1-86a2-589cfc10a551)	6 Jun 202600:00	–	nessus
Tenable Nessus	FreeBSD : xorg-server -- Multiple vulnerabilities (592ced15-5e20-11f1-86a2-589cfc10a551)	6 Jun 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-50259	5 Jun 202600:00	–	nessus
Amazon	Important: xorg-x11-server	8 Jun 202600:00	–	amazon

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server-Xwayland",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server-Xwayland",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "xorg-x11-server-Xwayland",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/CVE-2026-50259
gitlab	www.gitlab.freedesktop.org/xorg/xserver/-/commit/867b59b33bee669cb412f1314e47c52eacf6e00b
redhat	www.redhat.atlassian.net/browse/PSIRTSUPT-16950
lists	www.lists.x.org/archives/xorg-announce/2026-June/003702.html

05 Jun 2026 10:31Current

CVSS 3.17.8

EPSS0.00014

CWE-121