CVE-2026-56000

Severity CVSS v4.0:
CRITICAL
Type:
CWE-416 Use After Free
Publication date:
08/07/2026
Last modified:
09/07/2026

Description

Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into potentially reallocated memory.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:* 21.2.24 (excluding)
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:* 24.1.13 (excluding)