HIGH🇵🇱 Wersja polska

CVE-2026-50292

CVSS 7.4v3.1pub. 2026-06-04upd. 2026-06-05

In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Freedesktop Libinput

    APP
    Freedesktop
    < 1.30.41.31.0 – 1.31.3 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-35093HIGH8.8ten sam produkt

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain ...

CVE-2022-1215HIGH7.8ten sam produkt

A format string vulnerability was found in libinput

CVE-2026-35094LOW3.3ten sam produkt

W bibliotece libinput znaleziono lukę umożliwiającą exploitację dangling pointer. Atakujący, który umieści pli...

CVE-2021-3185CRITICAL9.8ten sam vendor

A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 h...

CVE-2019-20367CRITICAL9.1ten sam vendor

nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the strin...