CVE-2026-35093

Name of the Vulnerable Software and Affected Versions libinput (affected versions not specified)

Description A flaw exists in libinput that allows a local attacker to bypass security restrictions by placing a specially crafted Lua bytecode file in specific system or user configuration directories. This can lead to the execution of unauthorized code with the same permissions as the program utilizing libinput, such as a graphical compositor. Successful exploitation could allow an attacker to monitor keyboard input and transmit it to an external location.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.