CVE-2026-50292 – libinput: Arbitrary Root Code Execution via Device Group udev Property Injection

CVE ID :CVE-2026-50292

Published : June 4, 2026, 6:16 p.m. | 16 minutes ago

Description :In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution

Severity: 7.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-5589 – Out-of-bounds write caused by an integer underflow in the Bluetooth Mesh subsystem.

CVE-2026-41522 – Iris has an Improper Authorization issue

CVE-2026-41518 – Chartbrew has a stored DOM XSS via Chart Tooltip innerHTML (ChartDatasetConfig.legend)

CVE-2026-41249 – CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration