PatchSiren

Freedesktop CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Freedesktop CVE published 2026-06-04

CVE-2026-50292

CVE-2026-50292 is a HIGH severity vulnerability in libinput, a library used for handling input devices. The vulnerability exists in versions before 1.30.4 and 1.31.x before 1.31.3. An unescaped phys output in libinput-device-group can inject udev properties, potentially leading to arbitrary root code execution.