THREATOPS
THREAT OPSThreat News › [NVD] CVE-2026-50260 (HIGH 7.8) — A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the

[NVD] CVE-2026-50260 (HIGH 7.8) — A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the

lownvdPublished 2026-06-05

CVE-2026-50260 CVSS: 7.8 HIGH Published: 2026-06-05T12:16:39.430

A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server ru

Indicators of compromise

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-50260