CVE-2026-34003 HIGH

CVE-2026-34003: Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-125
Published April 23, 2026
Last update June 30, 2026

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.

Key dates

02 Disclosure timeline

April 23, 2026 CVE published
June 30, 2026 Record updated