Fluid Attacks Database

Description

A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel6	tigervnc	-	-
rpm rhel8	tigervnc	-	-
rpm rhel9	tigervnc	-	-
rpm rhel8	xorg-x11-server	-	-
rpm rhel10	xorg-x11-server-Xwayland	-	-
rpm rhel8	xorg-x11-server-Xwayland	-	-
rpm rhel7	tigervnc	-	-
rpm rhel9	xorg-x11-server	-	-
debian 14	xorg-server	=2:21.1.16-1.3 \|\| =2:21.1.18-1 \|\| =2:21.1.18-2 \|\| =2:21.1.20-1 \|\| =2:21.1.21-1 \|\| >=0 <2:21.1.22-1	2:21.1.22-1
rpm rhel9	xorg-x11-server-Xwayland	-	-

1-10 of 27

Aliases

1. CVE-2026-340022. NVD-2026-340023. OSV-2026-340024. OSV-DEBIAN-2026-340025. SECURITY-TRACKER-CVE-2026-34002

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.