CVE-2026-50262EPSS p7.1%

CVE-2026-50262CVE-2026-50262

x.org / x_server

Description

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.

Scoring

CVSS 5.5 ()
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS0.17% probability of exploitation · percentile 7.1% · 2026-06-19T12:03:05Z
Last modified2026-06-15

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-50264
CVE
CVE-2026-34000
CVE
CVE-2026-50256
CVE
CVE-2026-50258
CVE
CVE-2026-50263
CVE
CVE-2026-33999
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.