X .Org has released patches for two significant vulnerabilities affecting its server and Xwayland products. The most severe, CVE-2026-56000, is a use-after-free issue rated 9.0 on the CVSS scale, while CVE-2026-55999 is a heap buffer overflow rated 8.5. Both vulnerabilities can potentially allow memory corruption leading to crashes or execution of malicious code. Currently, there are no confirmed exploits in the wild. Affected versions include xorg-server prior to 21.1.24 and Xwayland prior to 24.1.13. Users are advised to update immediately to mitigate risks.
Critical X.Org flaws patched, CVE‑2026‑56000 scores 9.0
CyberSIXT Evidence Panel
Article by CyberSIXT