Zero Day Monitor (ZDM)
CVE-2026-34001 · PATCHED · 7.8
Red Hat · Red Hat Enterprise Linux 10

Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption

Description

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.

Affected Products

Vendor · Product · Versions
Red Hat · Red Hat Enterprise Linux 10 · —

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor · Product · Source · Confidence
red hat · red hat enterprise linux · mitre_affected · 90%

References

  • https://access.redhat.com/errata/RHSA-2026:10739 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/errata/RHSA-2026:11352 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/errata/RHSA-2026:11369 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/security/cve/CVE-2026-34001 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2451109 (issue-tracking, x_refsource_REDHAT)

Related News (2 articles)

Tier A · Microsoft MSRC · 5h ago
CVE-2026-34001 Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption
→ No new info (linked only)

Tier C · VulDB · 5d ago
CVE-2026-34001 | X.org X Server miSyncTriggerFence expired pointer dereference
→ No new info (linked only)

CVSS 3.1: 7.8 NONE
CISA KEV: No
Actively exploited: No
Patch available: 0:1.15.0-6.el9_7.1
CWE: CWE-825
Published: Apr 23, 2026
Last enriched: 5d ago (v2)
Tags: CVE-2026-34001
Trending Score: 36
Source articles: 2
Independent: 2
Info Completeness: 6/14
Missing: versions, cvss, epss, kev, exploit, patch, iocs, mitre_attack


Related CVEs (5)

  • NONE · CVE-2026-33999 · Trending: 36
    Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling
  • NONE · CVE-2026-34003 · Trending: 36
    Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access
  • NONE · CVE-2026-7309 · Trending: 31
    Openshift-controller-manager: openshift container platform: information disclosure via environment variable injection
  • HIGH · PRE-CVE · Trending: 24
    Multiple Vulnerabilities in Red Hat Products Allow Remote Code Execution, File Manipulation, and Denial of Service
  • MEDIUM · PRE-CVE · Trending: 23
    Multiple Denial of Service Vulnerabilities in Red Hat Virtualization

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

CVE Published: Apr 23, 2026
Discovered by ZDM: Apr 23, 2026
Updated: tags: Apr 23, 2026
Patch Available: Apr 28, 2026

Version History

v2 · Last enriched 5d ago

v2 · Tier C · 5d ago

Updated severity to CRITICAL and added CVE-2026-34001 as a new tag.

tags
via VulDB

v1 · 5d ago

Initial creation