Red Hat has issued an Important security update for xorg-x11-server-Xwayland on RHEL 8 to address three vulnerabilities (CVE-2026-33999, CVE-2026-34001, CVE-2026-34003), each with a CVSS 3.1 score of 7.8 (High). These include an integer underflow, a use-after-free, and an out-of-bounds memory access, which can lead to denial of service, server crashes, information exposure, and potential memory corruption. The fix is provided in package version xorg-x11-server-Xwayland-21.1.3-20.el8_10.
Red Hat Product Errata RHSA-2026:11656 - Security Advisory Issued: 2026-04-29 Updated: 2026-04-29 RHSA-2026:11656 - Security Advisory Overview Updated Packages Synopsis Important: xorg-x11-server-Xwayland security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Xwayland is an X server for running X clients under Wayland. Security Fix(es): xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999) xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001) xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Fixes BZ - 2451106 - CVE-2026-33999 xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling BZ - 2451109 - CVE-2026-34001 xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption BZ - 2451113 - CVE-2026-34003 xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access CVEs CVE-2026-33999 CVE-2026-34001 CVE-2026-34003 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM xorg-x11-server-Xwayland-21.1.3-20.el8_10.src.rpm SHA-256: 0f7e2231024fee3775ed29a90aab9359a86ea1e49b2b3830ac386bef77cb637d x86_64 xorg-x11-server-Xwayland-21.1.3-20.el8_10.x86_64.rpm SHA-256: 00339940f4fa4fad0850e6dab0156abba76670ada39a84fffa9ba058fca36741 xorg-x11-server-Xwayland-debuginfo-21.1.3-20.el8_10.x86_64.rpm SHA-256: 7f35b1f61c6a649aed1c44ac001f185fa54951f851134e094eba773e35563dbe xorg-x11-server-Xwayland-debugsource-21.1.3-20.el8_10.x86_64.rpm SHA-256: d154dff065328ab936b9255b12c1141769de9476d8151e38a454d4f7f4f72be1 Red Hat Enterprise Linux for IBM z Systems 8 SRPM xorg-x11-server-Xwayland-21.1.3-20.el8_10.src.rpm SHA-256: 0f7e2231024fee3775ed29a90aab9359a86ea1e49b2b3830ac386bef77cb637d s390x xorg-x11-server-Xwayland-21.1.3-20.el8_10.s390x.rpm SHA-256: d804575ac94d731af248a46f0875a5b5bf844234dab0ff9534b88c665e05a14c xorg-x11-server-Xwayland-debuginfo-21.1.3-20.el8_10.s390x.rpm SHA-256: 15ccd9a755ad894aa17fe9fb8aa8efe618c4a4666715f68b70b6eb81d094a0b0 xorg-x11-server-Xwayland-debugsource-21.1.3-20.el8_10.s390x.rpm SHA-256: bdf26aee270496f230e0740ae0f62e214b0145c10358569ec47f02f9bd2f09f1 Red Hat Enterprise Linux for Power, little endian 8 SRPM xorg-x11-server-Xwayland-21.1.3-20.el8_10.src.rpm SHA-256: 0f7e2231024fee3775ed29a90aab9359a86ea1e49b2b3830ac386bef77cb637d ppc64le xorg-x11-server-Xwayland-21.1.3-20.el8_10.ppc64le.rpm SHA-256: 1a9d48b528de2774c949341e16c2b2daa6cf20f210729537dbe7790d246914c3 xorg-x11-server-Xwayland-debuginfo-21.1.3-20.el8_10.ppc64le.rpm SHA-256: 7bf4e449a5ea8766e5922a63dbe146c67482c1b694bfbcc341cc263b51c2a444 xorg-x11-server-Xwayland-debugsource-21.1.3-20.el8_10.ppc64le.rpm SHA-256: 17e50aa7fa1469fdbde5d255fc29149c0b2e2bd0e67a3b2eedcaedd4dddfe65d Red Hat Enterprise Linux for ARM 64 8 SRPM xorg-x11-server-Xwayland-21.1.3-20.el8_10.src.rpm SHA-256: 0f7e2231024fee3775ed29a90aab9359a86ea1e49b2b3830ac386bef77cb637d aarch64 xorg-x11-server-Xwayland-21.1.3-20.el8_10.aarch64.rpm SHA-256: 9820051ca6d74a567399b8d2b9a99b64480c71e3cf43abd98625271aa15ce7e9 xorg-x11-server-Xwayland-debuginfo-21.1.3-20.el8_10.aarch64.rpm SHA-256: 14f5bdf02a9ebdb9f1a0b7a54bc6db402cfc89e0e5732fe6da2c30ea9b65da41 xorg-x11-server-Xwayland-debugsource-21.1.3-20.el8_10.aarch64.rpm SHA-256: 946fd2615d6de0493be49e390ceb75d7d88bed3e5f1156de9ef856ad3b0f8d3e Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 SRPM xorg-x11-server-Xwayland-21.1.3-20.el8_10.src.rpm SHA-256: 0f7e2231024fee3775ed29a90aab9359a86ea1e49b2b3830ac386bef77cb637d x86_64 xorg-x11-server-Xwayland-21.1.3-20.el8_10.x86_64.rpm SHA-256: 00339940f4fa4fad0850e6dab0156abba76670ada39a84fffa9ba058fca36741 xorg-x11-server-Xwayland-debuginfo-21.1.3-20.el8_10.x86_64.rpm SHA-256: 7f35b1f61c6a649aed1c44ac001f185fa54951f851134e094eba773e35563dbe xorg-x11-server-Xwayland-debugsource-21.1.3-20.el8_10.x86_64.rpm SHA-256: d154dff065328ab936b9255b12c1141769de9476d8151e38a454d4f7f4f72be1 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 SRPM xorg-x11-server-Xwayland-21.1.3-20.el8_10.src.rpm SHA-256: 0f7e2231024fee3775ed29a90aab9359a86ea1e49b2b3830ac386bef77cb637d aarch64 xorg-x11-server-Xwayland-21.1.3-20.el8_10.aarch64.rpm SHA-256: 9820051ca6d74a567399b8d2b9a99b64480c71e3cf43abd98625271aa15ce7e9 xorg-x11-server-Xwayland-debuginfo-21.1.3-20.el8_10.aarch64.rpm SHA-256: 14f5bdf02a9ebdb9f1a0b7a54bc6db402cfc89e0e5732fe6da2c30ea9b65da41 xorg-x11-server-Xwayland-debugsource-21.1.3-20.el8_10.aarch64.rpm SHA-256: 946fd2615d6de0493be49e390ceb75d7d88bed3e5f1156de9ef856ad3b0f8d3e Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 SRPM xorg-x11-server-Xwayland-21.1.3-20.el8_10.src.rpm SHA-256: 0f7e2231024fee3775ed29a90aab9359a86ea1e49b2b3830ac386bef77cb637d ppc64le xorg-x11-server-Xwayland-21.1.3-20.el8_10.ppc64le.rpm SHA-256: 1a9d48b528de2774c949341e16c2b2daa6cf20f210729537dbe7790d246914c3 xorg-x11-server-Xwayland-debuginfo-21.1.3-20.el8_10.ppc64le.rpm SHA-256: 7bf4e449a5ea8766e5922a63dbe146c67482c1b694bfbcc341cc263b51c2a444 xorg-x11-server-Xwayland-debugsource-21.1.3-20.el8_10.ppc64le.rpm SHA-256: 17e50aa7fa1469fdbde5d255fc29149c0b2e2bd0e67a3b2eedcaedd4dddfe65d Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 SRPM xorg-x11-server-Xwayland-21.1.3-20.el8_10.src.rpm SHA-256: 0f7e2231024fee3775ed29a90aab9359a86ea1e49b2b3830ac386bef77cb637d s390x xorg-x11-server-Xwayland-21.1.3-20.el8_10.s390x.rpm SHA-256: d804575ac94d731af248a46f0875a5b5bf844234dab0ff9534b88c665e05a14c xorg-x11-server-Xwayland-debuginfo-21.1.3-20.el8_10.s390x.rpm SHA-256: 15ccd9a755ad894aa17fe9fb8aa8efe618c4a4666715f68b70b6eb81d094a0b0 xorg-x11-server-Xwayland-debugsource-21.1.3-20.el8_10.s390x.rpm SHA-256: bdf26aee270496f230e0740ae0f62e214b0145c10358569ec47f02f9bd2f09f1 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .