Libinput · Libinput · CVE-2026-50292
**Name of the Vulnerable Software and Affected Versions**
libinput versions prior to 1.30.4
libinput versions 1.31.x prior to 1.31.3
**Description**
An issue exists in libinput-device-group where unescaped phys output allows for the injection of udev properties. This can lead to arbitrary root code execution.
**Recommendations**
Update to version 1.30.4 or later.
Update to version 1.31.3 or later.