What is the CVSS score of CVE-2026-35093?

CVE-2026-35093 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Red Hat are affected by CVE-2026-35093?

CVE-2026-35093 is a high-severity local privilege escalation in libinput affecting all authenticated users on systems with graphical interfaces.. A patch is available.

How to fix or mitigate CVE-2026-35093?

Within 24 hours: Inventory all systems running libinput (check via 'pkg-config --modversion libinput' on Linux desktops and servers; review application dependencies). Audit configuration directory permissions on /etc/libinput* and user ~/.config/libinput* to restrict write access to root/trusted users only. Within 7 days: Implement file integrity monitoring on libinput configuration directories and restrict local account creation on systems where possible; document current libinput versions in use. Within 30 days: Monitor vendor advisories for patch availability and plan immediate deployment to all affected systems once released; consider architectural changes to reduce local user access on critical systems.

Red Hat CVE-2026-35093

EUVD-2026-17907 HIGH

Code Injection (CWE-94)

2026-04-01 secalert@redhat.com

RCE Code Injection Red Hat Suse

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Apr 01, 2026 - 14:22 euvd

EUVD-2026-17907

Analysis Generated

Apr 01, 2026 - 14:22 vuln.today

CVE Published

Apr 01, 2026 - 14:16 nvd

HIGH 8.8

DescriptionNVD

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location.

AnalysisAI

Local privilege escalation in libinput allows authenticated users to execute arbitrary code within graphical compositor contexts by placing malicious Lua bytecode in system or user configuration directories. The vulnerability achieves scope change (CVSS:S:C) with high impact across confidentiality, integrity, and availability (8.8 CVSS), enabling attackers to monitor keyboard input including passwords and sensitive data. …

RemediationAI

Within 24 hours: Inventory all systems running libinput (check via 'pkg-config --modversion libinput' on Linux desktops and servers; review application dependencies). Audit configuration directory permissions on /etc/libinput* and user ~/.config/libinput* to restrict write access to root/trusted users only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory