A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root.
A use-after-free flaw
Exploit
CVE-2026-50260
NVD
Refer to CVE-2026-50260 NVD advisory