CVE-2026-56000

NameCVE-2026-56000
DescriptionLocal attackers with a X connection able to provide GLX commit to the ...
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xorg-server (PTS)bullseye2:1.20.11-1+deb11u13vulnerable
bullseye (security)2:1.20.11-1+deb11u17vulnerable
bookworm2:21.1.7-3+deb12u12vulnerable
bookworm (security)2:21.1.7-3+deb12u11vulnerable
trixie2:21.1.16-1.3+deb13u2vulnerable
trixie (security)2:21.1.16-1.3+deb13u3vulnerable
forky, sid2:21.1.23-1vulnerable
xwayland (PTS)bookworm2:22.1.9-1vulnerable
trixie2:24.1.6-1vulnerable
forky, sid2:24.1.12-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xorg-serversource(unstable)(unfixed)
xwaylandsource(unstable)(unfixed)

Notes

[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
https://www.openwall.com/lists/oss-security/2026/07/08/2
Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/2779affbdb4354e894f490e56f962527d6125043

Search for package or bug name: Reporting problems