CVE-2026-35094
A vulnerability in libinput (CVE-2026-35094) allows information disclosure via a dangling pointer when a garbage-collection cleanup prints a pointer to system logs, if Lua plugins are enabled and loaded by the compositor. Affected are libinput releases prior to the fixed version; Fedora/SUSE advi...