Description
A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location.
Published: 2026-04-01
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Code Execution and Information Disclosure
Action: Apply Patch
AI Analysis

Impact

A flaw in Libinput allows a local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories to bypass security restrictions. The attacker can then run arbitrary code with the same permissions as the program using Libinput, such as a graphical compositor. This can enable the attacker to monitor keyboard input and send the captured data to an external location. The vulnerability reflects CWE‑94, a form of malicious code injection that leads to unintended code execution.

Affected Systems

Red Hat Enterprise Linux 7, 8, 9, 10 and Fedora 43 and 44 are affected because the Libinput package bundled with these distributions contains the vulnerable code. No specific package versions are listed, so any system running the packaged Libinput without the available remediation is susceptible.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity. An EPSS score of less than 1% suggests a low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is local: the attacker must have write access to a directory where Libinput loads Lua plugins. Once such a file is in place, the compromise occurs immediately with the privileges of the Libinput‑using process.

Generated by OpenCVE AI on April 7, 2026 at 22:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch by updating Libinput to the latest released version on Red Hat systems using yum/dnf, or on Fedora using dnf.
  • If the update cannot be performed immediately, restrict write access to directories from which Libinput loads Lua plugins (for example, /usr/share/libinput/lua) so that only privileged users can modify them.
  • Review the Libinput configuration directories for the presence of suspicious Lua bytecode files, remove any that are not legitimate, and monitor these directories for unauthorized changes.

Generated by OpenCVE AI on April 7, 2026 at 22:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Fedoraproject
Fedoraproject fedora
Freedesktop
Freedesktop libinput
CPEs cpe:2.3:a:freedesktop:libinput:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:43:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:44:*:*:*:*:*:*:*
Vendors & Products Fedoraproject
Fedoraproject fedora
Freedesktop
Freedesktop libinput

Fri, 03 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 02 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location.
Title Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-94
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Fedoraproject Fedora
Freedesktop Libinput
Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-03T13:56:05.343Z

Reserved: 2026-04-01T12:56:18.939Z

Link: CVE-2026-35093

cve-icon Vulnrichment

Updated: 2026-04-03T13:49:57.591Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-01T14:16:57.443

Modified: 2026-04-07T20:31:19.550

Link: CVE-2026-35093

cve-icon Redhat

Severity : Important

Publid Date: 2026-04-01T00:00:00Z

Links: CVE-2026-35093 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:57:09Z

Weaknesses