ThreatCluster

X.Org Server and XWayland Security Vulnerabilities Disclosed

First seen 8 Jul 2026, 17:25 UTC lists.x.org 78% similarity 58

Article Content

Browse articles
ThreatCluster

On July 8, 2026, X.Org announced security vulnerabilities affecting the X server and XWayland. Two critical CVEs were disclosed: CVE-2026-55999, a heap buffer overflow in glamor Font Atlas, and CVE-2026-56000, a use-after-free vulnerability in GLX contextTags. Both vulnerabilities were patched in the latest releases of X.Org Server (21.1.24) and XWayland (24.1.13). The vulnerabilities could potentially allow attackers to exploit affected systems, but no active exploitation has been reported at this time. Users are advised to update to the latest versions to mitigate risks. The vulnerabilities were confirmed by the X.Org development team and are considered significant due to their potential impact on system integrity.

Key Points: • Two critical vulnerabilities (CVE-2026-55999 and CVE-2026-56000) disclosed. • Patches released for X.Org Server 21.1.24 and XWayland 24.1.13 on July 8, 2026. • No active exploitation reported, but users are urged to update immediately.

ThreatCluster AI

Timeline

2026-07-08
CVE-2026-55999 published
Heap buffer overflow vulnerability in glamor Font Atlas disclosed, affecting X server and XWayland.
Article 1
2026-07-08
CVE-2026-56000 published
Use-after-free vulnerability in GLX contextTags disclosed, affecting X server and XWayland.
Article 2
2026-07-08
Patches released
X.Org released updates for X server (21.1.24) and XWayland (24.1.13) to address the vulnerabilities.
Article 1

Community

Browse all →