THREAT OPS › Threat News › [NVD] CVE-2026-50258 (HIGH 7.8) — A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key type
[NVD] CVE-2026-50258 (HIGH 7.8) — A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key type
CVE-2026-50258 CVSS: 7.8 HIGH Published: 2026-06-05T12:16:39.070
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift levels and trigger stack overflow
Indicators of compromise
- CVE-2026-50258cve
- CVE-2025-26597cve
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-50258