CVE-2026-35093

Source
https://cve.org/CVERecord?id=CVE-2026-35093
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-35093.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-35093
Downstream
Related
Published
2026-04-01T13:54:00.189Z
Modified
2026-07-16T03:30:57.237357500Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins
Details

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location.

Database specific
{
    "cwe_ids": [
        "CWE-94"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/35xxx/CVE-2026-35093.json",
    "cna_assigner": "redhat"
}
References

Affected packages

Git / gitlab.freedesktop.org/libinput/libinput

Affected ranges

Type
GIT
Repo
https://gitlab.freedesktop.org/libinput/libinput
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:freedesktop:libinput:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.30.3"
        },
        {
            "introduced": "1.30.4"
        },
        {
            "fixed": "1.31.1"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

0.*
0.1.0
0.10.0
0.11.0
0.12.0
0.13.0
0.14.0
0.14.1
0.15.0
0.16.0
0.17.0
0.18.0
0.19.0
0.2.0
0.20.0
0.21.0
0.3.0
0.4.0
0.5.0
0.6.0
0.7.0
0.8.0
0.9.0
0.99.1
1.*
1.0.0
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.901
1.1.902
1.10.0
1.10.901
1.10.902
1.11.0
1.11.901
1.11.902
1.11.903
1.12.0
1.12.1
1.12.2
1.12.3
1.12.901
1.12.902
1.13.0
1.13.901
1.13.902
1.14.0
1.14.1
1.14.901
1.15.0
1.15.1
1.15.2
1.15.3
1.15.901
1.15.902
1.16.0
1.16.1
1.16.901
1.16.902
1.17.0
1.17.901
1.18.0
1.18.901
1.19.0
1.19.1
1.19.2
1.19.901
1.2.0
1.2.1
1.2.2
1.2.901
1.2.902
1.2.903
1.20.0
1.21.0
1.22.0
1.23.0
1.24.0
1.25.0
1.26.0
1.26.1
1.26.2
1.27.0
1.27.1
1.28.0
1.28.1
1.28.901
1.28.902
1.28.903
1.29.0
1.29.901
1.29.902
1.3.0
1.3.901
1.30.0
1.30.1
1.30.2
1.30.901
1.31.0
1.4.0
1.4.901
1.5.0
1.5.1
1.5.2
1.5.901
1.5.902
1.6.0
1.6.901
1.6.902
1.7.0
1.7.901
1.7.902
1.8.0
1.8.901
1.8.902
1.9.0
1.9.1
1.9.901
1.9.902

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-35093.json"