Libinput

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:freedesktop:libinput:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorFreedesktop (2c544e5d-e68e-5b35-a616-dc08f0ba697e)
ProductLibinput (37a8087c-b2f7-54fa-b5f6-a918559adff4)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:deb/debian/libinput purl2cpe 2026-06-01 10:14:03.684569
pkg:deb/ubuntu/libinput purl2cpe 2026-06-01 10:14:03.684570
pkg:github/freedesktop/wayland-libinput purl2cpe 2026-06-01 10:14:03.684572
pkg:rpm/centos/libinput purl2cpe 2026-06-01 10:14:03.684573
pkg:rpm/fedora/libinput purl2cpe 2026-06-01 10:14:03.684575
pkg:rpm/opensuse/libinput purl2cpe 2026-06-01 10:14:03.684576

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2026-35093 vulnerable 2026-06-03 15:22:11.375429 Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins
HIGH (8.8)
A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location.
Published: 2026-04-01T13:54:00.189Z
Updated: 2026-04-03T13:56:05.343Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-1215 vulnerable 2026-06-03 14:45:58.260850 Details available
A format string vulnerability was found in libinput
Published: 2022-05-31T00:00:00.000Z
Updated: 2024-08-02T23:55:24.456Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.