Cyber Resilience

CVE-2026-34002

Medium · Updated

Published: 05 May 2026

Modified: 08 June 2026
KEV Added
Patch
CVSS Score v3.1: 6.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
EPSS Score: 0.0049 (38.5th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-34002 is a medium-severity Buffer Access with Incorrect Length Value (CWE-805) vulnerability in Red Hat Enterprise Linux. Its CVSS base score is 6.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). The CVE ranks at the 38.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1212 Exploitation for Credential Access (tactic: Credential Access)
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Out-of-bounds read enables memory disclosure (credential access via exploitation) and application crash (endpoint DoS via exploitation); requires local X11 access.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

Affected Assets

x.org x server: all versions
redhat enterprise linux: 10.0, 6.0, 7.0, 8.0, 9.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.