Out-of-Bounds Read Vulnerability in X.Org X Server by Red Hat
CVE-2026-34000
6.1 MEDIUM
What is CVE-2026-34000?
A flaw has been identified in the X.Org X server: an out-of-bounds read in the XKB geometry processing functions CheckSetGeom() and XkbAddGeomKeyAlias(). An attacker with access to the X11 server, either locally or remotely, can exploit the flaw without requiring user interaction. Successful exploitation can lead to the disclosure of sensitive memory contents, or potentially result in a denial of service through a server crash.
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Jan-Niklas Sohn (TrendAI Zero Day Initiative) for reporting this issue.