Loading market data...
← Back to CVE feed

CVE-2026-50292

HIGH CVSS 7.4 View on NVD ↗

Description

In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: Jun 04, 2026 18:16 UTC Modified: Jun 04, 2026 19:16 UTC