{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34003", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-03-25T04:53:13.615Z", "datePublished": "2026-04-23T14:54:05.479Z", "dateUpdated": "2026-05-04T12:38:28.602Z"}, "containers": {"cna": {"title": "Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server-Xwayland", "defaultStatus": "affected", "versions": [{"version": "0:24.1.5-6.el10_1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:10.1"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server-Xwayland", "defaultStatus": "affected", "versions": [{"version": "0:21.1.3-20.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "affected", "versions": [{"version": "0:1.20.11-28.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.15.0-9.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.15.0-6.el9_7.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server-Xwayland", "defaultStatus": "affected", "versions": [{"version": "0:23.2.7-6.el9_7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "affected", "versions": [{"version": "0:1.20.11-33.el9_7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:10739", "name": "RHSA-2026:10739", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:11352", "name": "RHSA-2026:11352", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:11369", "name": "RHSA-2026:11369", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:11388", "name": "RHSA-2026:11388", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:11656", "name": "RHSA-2026:11656", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:11692", "name": "RHSA-2026:11692", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:13414", "name": "RHSA-2026:13414", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-34003", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451113", "name": "RHBZ#2451113", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-04-23T14:18:00.653Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-125: Out-of-bounds Read", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "timeline": [{"lang": "en", "time": "2026-03-25T07:19:13.949Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-23T14:18:00.653Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Jan-Niklas Sohn (TrendAI Zero Day Initiative) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-05-04T12:38:28.602Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-23T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-34003"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-24T03:55:31.996Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34003", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-23T17:20:40.546545Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T17:20:44.391Z"}}], "cna": {"title": "Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access", "credits": [{"lang": "en", "value": "Red Hat would like to thank Jan-Niklas Sohn (TrendAI Zero Day Initiative) for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/o:redhat:enterprise_linux:10.1"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "versions": [{"status": "unaffected", "version": "0:24.1.5-6.el10_1", "lessThan": "*", "versionType": "rpm"}], "packageName": "xorg-x11-server-Xwayland", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:21.1.3-20.el8_10", "lessThan": "*", "versionType": "rpm"}], "packageName": "xorg-x11-server-Xwayland", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:1.20.11-28.el8_10", "lessThan": "*", "versionType": "rpm"}], "packageName": "xorg-x11-server", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:1.15.0-9.el8_10", "lessThan": "*", "versionType": "rpm"}], "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:1.15.0-6.el9_7.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:23.2.7-6.el9_7", "lessThan": "*", "versionType": "rpm"}], "packageName": "xorg-x11-server-Xwayland", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:1.20.11-33.el9_7", "lessThan": "*", "versionType": "rpm"}], "packageName": "xorg-x11-server", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "xorg-x11-server", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "tigervnc", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "xorg-x11-server", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2026-03-25T07:19:13.949Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-23T14:18:00.653Z", "value": "Made public."}], "datePublic": "2026-04-23T14:18:00.653Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:10739", "name": "RHSA-2026:10739", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:11352", "name": "RHSA-2026:11352", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:11369", "name": "RHSA-2026:11369", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:11388", "name": "RHSA-2026:11388", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:11656", "name": "RHSA-2026:11656", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:11692", "name": "RHSA-2026:11692", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:13414", "name": "RHSA-2026:13414", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-34003", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451113", "name": "RHBZ#2451113", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-05-04T12:38:28.602Z"}, "x_redhatCweChain": "CWE-125: Out-of-bounds Read"}}, "cveMetadata": {"cveId": "CVE-2026-34003", "state": "PUBLISHED", "dateUpdated": "2026-05-04T12:38:28.602Z", "dateReserved": "2026-03-25T04:53:13.615Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-04-23T14:54:05.479Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible."}], "id": "CVE-2026-34003", "lastModified": "2026-05-04T13:16:00.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2026-04-23T16:16:24.920", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:10739"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:11352"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:11369"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:11388"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:11656"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:11692"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:13414"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2026-34003"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451113"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Jan-Niklas Sohn (TrendAI Zero Day Initiative) for reporting this issue.", "bugzilla": {"description": "xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access", "id": "2451113", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451113"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-34003", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "xorg-x11-server-Xwayland", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "tigervnc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "tigervnc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "tigervnc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "xorg-x11-server-Xwayland", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "tigervnc", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "xorg-x11-server-Xwayland", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-23T14:18:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-34003\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-34003"], "statement": "An Important out-of-bounds memory access vulnerability exists in the X.Org X server's XKB key types request validation. This flaw could lead to information exposure or a server crash and requires a specially crafted request to trigger. Systems running a graphical environment are potentially affected, with higher impact outcomes possible in certain configurations.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Red Hat Enterprise Linux 10", "source": "cna", "vendor": "Red Hat"}, "product": "enterprise_linux", "vendor": "redhat"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "product": "x.org", "vendor": "x.org"}], "analysis": {"en": {"generated_at": "2026-04-28T07:34:32.912764+00:00", "value": {"mitigation_remediation": ["Install the Red\u00a0Hat security update RHSA\u20112026:10739, which contains the fix for the X server XKB request validation", "Restrict non\u2011trusted users from running or accessing the X server process, limiting local attack surface", "Verify that the XFY configuration is set to use the latest XKB libraries and reboot the system after applying the update"], "summary": {"action": "Apply Patch", "impact": "Information Exposure or Denial of Service via out\u2011of\u2011bounds memory access"}, "threat_synthesis": {"affected_systems": "The issue affects Red\u00a0Hat Enterprise Linux 6, 7, 8, 9, and 10, which rely on the X.Org X server as part of the graphical stack. Versions impacted are those distributed under the standard RHEL releases and are listed in the corresponding Red\u00a0Hat errata.", "description_and_impact": "The flaw resides in the X.Org X server\u2019s XKB key types request validation, allowing a local attacker to send a crafted request that triggers an out\u2011of\u2011bounds read. This can expose sensitive information from memory or cause the X server to crash, resulting in a denial of service. The vulnerability is mitigated by correct bounds checking during request processing, but the current implementation fails to enforce it, exposing the system to data leakage or service interruption.", "risk_and_exploitability": "The CVSS score of 7.8 indicates a high severity level, and the EPSS score of <\u202f1% suggests a low probability of current exploitation in the wild. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, the likely attack vector is local; an attacker with access to the X server process or the ability to send network\u2013level requests to the X server can craft the malicious input. The impact is therefore confined to systems where the X server is running, and exploitation requires local or at\u2011least network\u2011level access to the X server within the same host."}}}}, "created": "2026-04-28T07:45:26.029081+00:00", "updated": "2026-04-28T09:25:58.496992+00:00", "vendors": ["redhat", "redhat$PRODUCT$enterprise_linux", "x.org", "x.org$PRODUCT$x.org"]}