Cyber Posture

CVE-2026-33999

Severity: High
Published: 23 April 2026
Modified: 04 May 2026
KEV Added: not listed
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (1.6th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-33999 is a high-severity Integer Underflow (Wrap or Wraparound) vulnerability, classified as CWE-191. Its CVSS v3.1 base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS score places it at the 1.6th percentile by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- SI-2 (Flaw Remediation), prevent: directly requires timely identification, reporting, and remediation of flaws such as this integer underflow, in practice by patching the X.Org X server.

- SI-16 (Memory Protection), prevent: implements memory protection techniques such as address space layout randomization and data execution prevention, which reduce the exploitability of buffer read overruns and other memory-safety violations.

- SI-10 (Information Input Validation), prevent: mandates validation of inputs to the X11 server, including XKB compatibility maps, so that malformed data cannot trigger the integer underflow.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The integer underflow in the X.Org X server is reachable with low-privilege local access and has high confidentiality, integrity, and availability impact through memory corruption. Because the X server process typically runs with elevated privileges, this maps directly to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.

Deeper analysis

CVE-2026-33999 is an integer underflow vulnerability in the X.Org X server, specifically within the XKB compatibility map handling. This flaw enables an attacker with local or remote X11 server access to trigger a buffer read overrun, resulting in memory-safety violations that could lead to denial of service (DoS) or other severe impacts. Published on 2026-04-23, the issue is classified under CWE-191 and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

An attacker requires local access to the X11 server with low privileges to exploit this vulnerability, which has low attack complexity and needs no user interaction. Successful exploitation can achieve high impacts across confidentiality, integrity, and availability, potentially allowing memory corruption that disrupts system operation or enables further compromise.

Red Hat has released patches addressing this vulnerability through several errata: RHSA-2026:10739, RHSA-2026:11352, RHSA-2026:11369, RHSA-2026:11388, and RHSA-2026:11656. Security practitioners should review these advisories and apply the corresponding updates to affected systems.

Details

CWE(s): CWE-191 (Integer Underflow)

CVEs Like This One

- CVE-2026-31656 (shared CWE-191)
- CVE-2026-27907 (shared CWE-191)
- CVE-2026-32775 (shared CWE-191)
- CVE-2026-32149 (shared CWE-191)
- CVE-2025-21160 (shared CWE-191)
- CVE-2026-7424 (shared CWE-191)
- CVE-2024-57823 (shared CWE-191)
- CVE-2025-21122 (shared CWE-191)
- CVE-2025-62291 (shared CWE-191)
- CVE-2025-21158 (shared CWE-191)
