AI description
Automated description summarized from trusted sources.
CVE-2026-50263 describes a use-after-free vulnerability found in the `CreateSaverWindow()` function of the X.Org X server and Xwayland. This flaw allows a client to trigger a use-after-free read operation. By manipulating window attributes and forcing the screen saver, an attacker can exploit this vulnerability, which ultimately leads to information disclosure. This issue has been identified in products such as Red Hat Enterprise Linux 10.
- Description: A use-after-free flaw was found in the X.Org X server and Xwayland in `CreateSaverWindow()`. A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.
- Source: secalert@redhat.com
- NVD status: Undergoing Analysis
CVSS 3.1
- Type: Primary
- Base score: 5.5
- Impact score: 3.6
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity: MEDIUM
- secalert@redhat.com: CWE-416
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 3