PatchSiren cyber security CVE debrief
CVE-2026-35093 Red Hat CVE debrief
A flaw was found in libinput, which allows a local attacker to bypass security restrictions by placing specially crafted Lua bytecode files in certain system or user configuration directories. This could lead to the attacker monitoring keyboard input and sending that information to an external location. The vulnerability has a CVSS score of 8.8 and is considered HIGH severity. The CVE was published on April 1, 2026, and last modified on June 30, 2026. The flaw affects libinput versions prior to 1.30.4 and 1.31.1, as well as Fedora 43 and 44.
- Vendor: Red Hat
- Product: Red Hat Enterprise Linux 10
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-01
- Original CVE updated: 2026-06-30
- Advisory published: 2026-04-01
- Advisory updated: 2026-06-30
Who should care
System administrators and users of libinput, particularly those using graphical compositors, should be aware of this vulnerability. A local attacker with the ability to place a specially crafted Lua bytecode file in a certain system or user configuration directory could potentially exploit this flaw. Users of Fedora 43 and 44 are also affected.
Technical summary
The vulnerability is caused by a flaw in libinput's handling of Lua bytecode files. A local attacker can bypass security restrictions by placing a specially crafted Lua bytecode file in certain system or user configuration directories. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. The vulnerability is classified as CWE-94 and has a CVSS vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.
Defensive priority
High priority should be given to patching or mitigating this vulnerability, as it allows for unauthorized code execution with the same permissions as the program using libinput. System administrators should review their libinput configurations and ensure that they are running a patched version.
Recommended defensive actions
- Patch libinput to version 1.30.4 or later, or 1.31.1 or later.
- Review and update libinput configurations to prevent exploitation.
- Monitor system logs for suspicious activity related to libinput.
- Implement additional security controls, such as restricting access to configuration directories.
- Consider using compensating controls, such as intrusion detection systems.
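One way to carry out the configuration review and directory-access check from the list above, as an added example that is not part of the advisory or of libinput: it flags files that begin with the standard precompiled-Lua signature (`\x1bLua`) and directories writable by group or other. The directories to audit are passed as arguments because this page does not name them; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import sys
import tempfile

LUA_SIGNATURE = b"\x1bLua"  # header of precompiled Lua chunks (luac output)

def is_lua_bytecode(path):
    """True when the file starts with the precompiled-chunk signature."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(LUA_SIGNATURE)) == LUA_SIGNATURE
    except OSError:
        return False  # unreadable or vanished: nothing to classify

def audit(directories):
    """Walk each directory; return (bytecode_files, loosely_writable_dirs)."""
    bytecode, writable = [], []
    for top in directories:
        for root, _dirs, files in os.walk(top):
            mode = os.lstat(root).st_mode
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                writable.append(root)
            for name in files:
                path = os.path.join(root, name)
                # Skip symlinks, FIFOs and devices; only regular files are read.
                if stat.S_ISREG(os.lstat(path).st_mode) and is_lua_bytecode(path):
                    bytecode.append(path)
    return sorted(bytecode), sorted(writable)

def demo():
    """Constructed sample tree: one text plugin, one bytecode-looking file."""
    with tempfile.TemporaryDirectory() as top:
        drop = os.path.join(top, "plugins")  # hypothetical directory name
        os.mkdir(drop)
        os.chmod(drop, 0o777)  # deliberately loose, so it gets reported
        with open(os.path.join(drop, "10-text.lua"), "w") as fh:
            fh.write("-- plain-text Lua source\n")
        with open(os.path.join(drop, "20-blob.lua"), "wb") as fh:
            fh.write(LUA_SIGNATURE + b"\x54\x00constructed, not a real chunk")
        found, loose = audit([top])
        return ([os.path.relpath(p, top) for p in found],
                [os.path.relpath(p, top) for p in loose])

if __name__ == "__main__":
    # Pass the directories to audit as arguments; none are hard-coded here.
    found, loose = audit(sys.argv[1:]) if len(sys.argv) > 1 else demo()
    for p in found:
        print("lua-bytecode", p)
    for p in loose:
        print("group/other-writable", p)
```

A hit is a prompt for review rather than proof of compromise: check the file's owner, modification time and package provenance before acting on it.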
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, including its CVSS score and affected versions. The source item URL provides additional information on the vulnerability, including references to mitigation and vendor references. The CVE was published on April 1, 2026, and last modified on June 30, 2026.
Official resources
- CVE-2026-35093 CVE record: CVE.org
- CVE-2026-35093 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Third Party Advisory
- Mitigation or vendor reference: [email protected] - Issue Tracking, Third Party Advisory
- Source reference: [email protected] - Broken Link
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.