Skip to main content

Libinput

3 CVEs product

Monthly

CVE-2026-35094 LOW Monitor

Libinput versions prior to 1.26.0 contain a dangling pointer vulnerability in Lua plugin garbage collection that allows local authenticated attackers to read sensitive data from system logs, requiring the ability to deploy malicious Lua plugin files to system directories and Lua plugin support to be enabled in the compositor. The vulnerability has a CVSS score of 3.3 (low severity) with confirmed patch availability, and poses minimal real-world risk due to high prerequisites including local file write access and plugin enablement.

Information Disclosure Libinput Fedora
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35093 HIGH PATCH This Week

Local privilege escalation in libinput allows authenticated users to execute arbitrary code within graphical compositor contexts by placing malicious Lua bytecode in system or user configuration directories. The vulnerability achieves scope change (CVSS:S:C) with high impact across confidentiality, integrity, and availability (8.8 CVSS), enabling attackers to monitor keyboard input including passwords and sensitive data. No public exploit identified at time of analysis, with EPSS data unavailable for this recently disclosed vulnerability.

RCE Code Injection Libinput Fedora
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2022-1215 HIGH This Week

A format string vulnerability was found in libinput. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Libinput
NVD
CVSS 3.1
7.8
EPSS
0.4%
EPSS 0% CVSS 3.3
LOW Monitor

Libinput versions prior to 1.26.0 contain a dangling pointer vulnerability in Lua plugin garbage collection that allows local authenticated attackers to read sensitive data from system logs, requiring the ability to deploy malicious Lua plugin files to system directories and Lua plugin support to be enabled in the compositor. The vulnerability has a CVSS score of 3.3 (low severity) with confirmed patch availability, and poses minimal real-world risk due to high prerequisites including local file write access and plugin enablement.

Information Disclosure Libinput Fedora
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation in libinput allows authenticated users to execute arbitrary code within graphical compositor contexts by placing malicious Lua bytecode in system or user configuration directories. The vulnerability achieves scope change (CVSS:S:C) with high impact across confidentiality, integrity, and availability (8.8 CVSS), enabling attackers to monitor keyboard input including passwords and sensitive data. No public exploit identified at time of analysis, with EPSS data unavailable for this recently disclosed vulnerability.

RCE Code Injection Libinput +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

A format string vulnerability was found in libinput. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Libinput
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy