Description
A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVE_CMD properties that are executed when a device is removed. This vulnerability allows an attacker to gain elevated privileges on the system.
Published: 2026-06-05
Score: 7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

libinput is a system component that manages input devices on Linux systems. A flaw in the libinput-device-group helper permits a local attacker who can access the character device /dev/uinput to inject arbitrary udev properties. This injection can cause the system to execute commands associated with REMOVE_CMD properties whenever a device is removed, allowing the attacker to run code as root. The vulnerability thus enables privilege escalation from an unprivileged user to superuser privileges. This vulnerability represents an OS command‑injection flaw (CWE‑78).

Affected Systems

The affected operating systems are Red Hat Enterprise Linux 7, 8, 9, and 10, all of which ship the vulnerable libinput version and expose /dev/uinput. The flaw is relevant when packages such as steam-device, antimicrox, or kdeconnectd install udev rules that allow a logged‑in user to create uinput devices, thereby granting non‑root write access to /dev/uinput.

Risk and Exploitability

The CVSS score of 7 indicates a high-severity vulnerability; no EPSS score is available. The vulnerability is not listed in CISA KEV. The attack vector is assessed as local because exploitation requires access to /dev/uinput, a device that is normally restricted to privileged users. A local attacker who can write to /dev/uinput may construct a uinput event that carries malicious REMOVE_CMD properties; when the kernel processes the removal event, those commands are executed as root, enabling the attacker to obtain superuser privileges.

Generated by OpenCVE AI on June 5, 2026 at 11:26 UTC.

Remediation

Vendor Workaround

Restrict access to /dev/uinput to trusted users only. This is the default on virtually all distributions, but some packages install udev rules that allow a logged-in user to create uinput devices. Examples of this on Fedora are steam-device, antimicrox and kdeconnectd.

OpenCVE Recommended Actions

  • Restrict the file permissions of /dev/uinput so that only root or trusted users can write to it, or disable it for non‑privileged groups.
  • Remove or mitigate third‑party packages (such as steam-device, antimicrox, kdeconnectd) that create udev rules granting uinput creation to regular users.
  • Apply any available vendor patch or update for libinput that fixes the vulnerability.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 12:30:00 +0000

Type: References

Fri, 05 Jun 2026 12:15:00 +0000

Type: References
Type: Metrics (threat_severity)
Values Removed: None
Values Added: Important

Fri, 05 Jun 2026 11:30:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 05 Jun 2026 10:45:00 +0000

Type: Description
Values Added: A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVE_CMD properties that are executed when a device is removed. This vulnerability allows an attacker to gain elevated privileges on the system.
Type: Title
Values Added: Libinput: local privilege escalation via crafted uinput devices
Type: First Time appeared
Values Added: Redhat; Redhat enterprise Linux
Type: Weaknesses
Values Added: CWE-78
Type: CPEs
Values Added: cpe:/o:redhat:enterprise_linux:10, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9
Type: Vendors & Products
Values Added: Redhat; Redhat enterprise Linux
Type: References
Type: Metrics (cvssV3_1)
Values Added: {'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-05T11:11:13.444Z

Reserved: 2026-06-04T14:55:24.012Z

Link: CVE-2026-50265

Vulnrichment

Updated: 2026-06-05T10:48:06.182Z

NVD

Status: Received

Published: 2026-06-05T11:16:36.853

Modified: 2026-06-05T12:16:40.237

Link: CVE-2026-50265

Redhat

Severity: Important

Public Date: 2026-06-05T00:00:00Z

Links: CVE-2026-50265 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-05T11:30:39Z

Weaknesses