CVE-2026-56000
Severity CVSS v4.0:
CRITICAL
Type:
CWE-416
Use After Free
Publication date:
08/07/2026
Last modified:
09/07/2026
Description
Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into potentially reallocated memory.
Impact
Base Score 4.0
9.00
Severity 4.0
CRITICAL
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:* | 21.2.24 (excluding) | |
| cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:* | 24.1.13 (excluding) |
To consult the complete list of CPE names with products and versions, see this page



