PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-35093 Red Hat CVE debrief

A flaw was found in libinput, which allows a local attacker to bypass security restrictions by placing specially crafted Lua bytecode files in certain system or user configuration directories. This could lead to the attacker monitoring keyboard input and sending that information to an external location. The vulnerability has a CVSS score of 8.8 and is considered HIGH severity. The CVE was published on April 1, 2026, and last modified on June 30, 2026. The flaw affects libinput versions prior to 1.30.4 and 1.31.1, as well as Fedora 43 and 44.

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-01
Original CVE updated: 2026-06-30
Advisory published: 2026-04-01
Advisory updated: 2026-06-30

Who should care

System administrators and users of libinput, particularly those running graphical compositors, should be aware of this vulnerability. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories could exploit this flaw. Users of Fedora 43 and 44 are also affected.

Technical summary

The vulnerability is caused by a flaw in libinput's handling of Lua bytecode files. A local attacker can bypass security restrictions by placing a specially crafted Lua bytecode file in certain system or user configuration directories. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. The vulnerability is classified as CWE-94 and has a CVSS vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Defensive priority

Treat patching or mitigating this vulnerability as a high priority, because it allows unauthorized code execution with the same permissions as the program using libinput. System administrators should review their libinput configurations and confirm that they are running a patched version.

Recommended defensive actions

  • Patch libinput to version 1.30.4 or later, or 1.31.1 or later.
  • Review and update libinput configurations to prevent exploitation.
  • Monitor system logs for suspicious activity related to libinput.
  • Implement additional security controls, such as restricting access to configuration directories.
  • Consider using compensating controls, such as intrusion detection systems.
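
One way to carry out the configuration review and directory-permission checks above, as an added example that is not part of the advisory or of libinput: it walks directories and flags files that begin with the precompiled Lua chunk header (ESC followed by "Lua") or that are group- or world-writable. The directories to scan are passed in by the operator, because this page does not name them; audit_dir and the reason labels are names made up for this example.

```python
import os
import stat
import sys

LUA_BYTECODE_MAGIC = b"\x1bLua"  # first bytes of any precompiled Lua chunk


def audit_dir(root):
    """Walk root and return {path: [reasons]} for files worth reviewing."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                mode = os.stat(path).st_mode
                if not stat.S_ISREG(mode):
                    continue  # only regular files can carry a chunk
                with open(path, "rb") as fh:
                    head = fh.read(len(LUA_BYTECODE_MAGIC))
            except OSError:
                findings[path] = ["unreadable"]  # e.g. dangling symlink
                continue
            reasons = []
            if head == LUA_BYTECODE_MAGIC:
                reasons.append("lua-bytecode")
            if mode & stat.S_IWOTH:
                reasons.append("world-writable")
            if mode & stat.S_IWGRP:
                reasons.append("group-writable")
            if reasons:
                findings[path] = reasons
    return findings


if __name__ == "__main__":
    # Assumption: the operator supplies the libinput configuration
    # directories to check; none are hard-coded here.
    dirs = sys.argv[1:]
    if not dirs:
        sys.exit("usage: audit_lua.py DIR [DIR ...]")
    hits = {}
    for d in dirs:
        hits.update(audit_dir(d))
    for path, reasons in sorted(hits.items()):
        print(f"{path}: {', '.join(reasons)}")
    sys.exit(1 if hits else 0)
```

The script exits non-zero when anything is flagged, so it can run from a scheduled job or a configuration-management check.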

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, including its CVSS score and affected versions. The source item URL provides additional information on the vulnerability, including references to mitigation and vendor references. The CVE was published on April 1, 2026, and last modified on June 30, 2026.

This article is AI-assisted and based on the supplied source corpus.