THREAT OPS › Threat News › [NVD] CVE-2026-50260 (HIGH 7.8) — A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the
[NVD] CVE-2026-50260 (HIGH 7.8) — A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the
CVE-2026-50260 CVSS: 7.8 HIGH Published: 2026-06-05T12:16:39.430
A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server ru
Indicators of compromise
- CVE-2026-50260cve
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-50260