Cyber Resilience

CVE-2026-33999

Severity: High (updated)
Published: 23 April 2026
Modified: 08 June 2026
KEV added: not listed
Patch: available
CVSS v3.1 score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0001 (0.2 percentile)
Risk priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-33999 is a high-severity integer underflow (wrap or wraparound, CWE-191) vulnerability. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 0.2 percentile by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-33999 is an integer underflow vulnerability in the X.Org X server, specifically within the XKB compatibility map handling. This flaw enables an attacker with local or remote X11 server access to trigger a buffer read overrun, resulting in memory-safety violations that could lead to denial of service (DoS) or other severe impacts. Published on 2026-04-23, the issue is classified under CWE-191 and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

An attacker requires local access to the X11 server with low privileges to exploit this vulnerability, which has low attack complexity and needs no user interaction. Successful exploitation can achieve high impacts across confidentiality, integrity, and availability, potentially allowing memory corruption that disrupts system operation or enables further compromise.

Red Hat has released patches addressing this vulnerability through several errata: RHSA-2026:10739, RHSA-2026:11352, RHSA-2026:11369, RHSA-2026:11388, and RHSA-2026:11656. Security practitioners should review and apply these updates to affected systems for mitigation.

EU & UK References

Vulnerability details

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The local integer underflow in the X.Org X server (low-privilege access, high C/I/A impact via memory corruption) maps directly to exploitation for privilege escalation, because the X server process is typically privileged.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-27907 (shared CWE-191)
CVE-2026-31656 (shared CWE-191)
CVE-2026-40397 (shared CWE-191)
CVE-2026-32775 (shared CWE-191)
CVE-2026-32149 (shared CWE-191)
CVE-2026-33845 (shared CWE-191)
CVE-2022-49278 (shared CWE-191)
CVE-2025-2523 (shared CWE-191)
CVE-2024-10838 (shared CWE-191)
CVE-2026-37231 (shared CWE-191)

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SI-2 Flaw Remediation (prevent)
Directly requires timely identification, reporting, and remediation of flaws like this integer underflow by patching the X.Org X server.

SI-16 Memory Protection (prevent)
Implements memory protection techniques such as address space layout randomization and data execution prevention to mitigate buffer read overruns and memory-safety violations.

SI-10 Information Input Validation (prevent)
Mandates validation of information inputs to the X11 server, including XKB compatibility maps, to prevent malformed data from triggering the integer underflow.

References