CVE-2026-35093 - Vulnerability Details

- Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins

Description

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location.

Published: 2026-04-01

Score: 8.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in libinput permits a local attacker with write access to system or user configuration directories to craft a Lua bytecode file that is loaded by libinput. When executed, the bytecode runs with the same privileges as the process that uses libinput, such as a graphical compositor. This enables the attacker to capture and transmit keyboard input, resulting in confidential data leakage. The vulnerability is a code‑injection weakness classified as CWE‑94 and carries a high severity rating of 8.8 on the CVSS scale.

Affected Systems

Red Hat Enterprise Linux 7, 8, 9, and 10 are affected by this libinput flaw; no specific minor version information is available.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity risk. Exploitation requires local access and the ability to place a Lua bytecode file in a libinput configuration directory, but once achieved the attacker can execute arbitrary code and exfiltrate sensitive input. No publicly available exploit is listed, and the vulnerability is not yet in the CISA KEV catalog. Nonetheless, the potential impact warrants prompt remediation and monitoring.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor	Product	Default status	Versions
Red Hat	Red Hat Enterprise Linux 10	unaffected	—
Red Hat	Red Hat Enterprise Linux 7	unknown	—
Red Hat	Red Hat Enterprise Linux 8	unaffected	—
Red Hat	Red Hat Enterprise Linux 9	unaffected	—

No data.

Vendor Product Confidence Versions

Redhat

Enterprise Linux

100%

Version	Status	Scheme	Platform
`—`	affected	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the Red Hat security update that contains the libinput fix.
Confirm that the update has been installed on all RHEL 7, 8, 9, and 10 systems.
If the update is unavailable or delayed, restrict write permissions on libinput configuration directories to prevent unauthorized Lua bytecode placement.
Continuously monitor these directories for unexpected Lua bytecode files and audit access logs for suspicious activity.

Generated by OpenCVE AI on April 2, 2026 at 02:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2026-35093
https://bugzilla.redhat.com/show_bug.cgi?id=2453839
https://gitlab.freedesktop.org/libinput/libinput/-/work_items/1271
https://nvd.nist.gov/vuln/detail/CVE-2026-35093
https://www.cve.org/CVERecord?id=CVE-2026-35093

History

Thu, 02 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2026-35093 https://www.cve.org/CVERecord?id=CVE-2026-35093
Metrics	threat_severity `None`	threat_severity `Important`

Wed, 01 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location.
Title		Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins
First Time appeared		Redhat Redhat enterprise Linux
Weaknesses		CWE-94
CPEs		cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2026-35093 https://bugzilla.redhat.com/show_bug.cgi?id=2453839 https://gitlab.freedesktop.org/libinput/libinput/-/work_items/1271
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}`

Subscriptions

Redhat Enterprise Linux

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-04-01T13:54:00.189Z

Updated: 2026-04-02T06:31:23.875Z

Reserved: 2026-04-01T12:56:18.939Z

Link: CVE-2026-35093

Vulnrichment

No data.

NVD

Status : Undergoing Analysis

Published: 2026-04-01T14:16:57.443

Modified: 2026-04-01T14:23:37.727

Link: CVE-2026-35093

Redhat

Severity : Important

Publid Date: 2026-04-01T00:00:00Z

Links: CVE-2026-35093 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-02T20:17:32Z

Weaknesses

CWE-94

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object