CVE-2026-50292

The CVE affects libinput before 1.30.4 and 1.31.x before 1.31.3, where libinput-device-group’s unescaped phys output can inject udev properties, potentially enabling arbitrary root code execution. Affected component: libinput (desktop/input stack). Underlying cause: unescaped phys output in libin...

CVE-2026-35093

Vulnerability overview: CVE-2026-35093 affects libinput. A local attacker can place a crafted Lua bytecode file in certain system or user configuration directories, bypassing security restrictions and executing unauthorized code with the same permissions as the affected program (e.g., a graphical...