Use-After-Free Vulnerability in X.Org X Server by Red Hat
CVE-2026-34001

7.8HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 23 April 2026

What is CVE-2026-34001?

A critical flaw has been identified in the X.Org X server that manifests as a use-after-free vulnerability within the XSYNC fence triggering logic. The issue is specifically located in the miSyncTriggerFence() function, where an attacker with access to the X11 server can exploit the vulnerability without requiring any user interaction. If successfully exploited, this flaw can lead to a server crash, potentially causing memory corruption that could either result in a denial of service or further compromise the affected system.

References

https://access.redhat.com/security/cve/CVE-2026-34001

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2451109

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2026
Vulnerability Reserved
Mar 25, 2026

Credit

Red Hat would like to thank Jan-Niklas Sohn (TrendAI Zero Day Initiative) for reporting this issue.

CVE-2026-34001 Data

JSON