CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-50292

In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 17.3%

CVSS Severity

CVSS v3 Score 7.4

References

Products affected by CVE-2026-50292

Freedesktop » Libinput » Version: Any

cpe:2.3:a:freedesktop:libinput:*
Freedesktop » Libinput » Version: N/A

cpe:2.3:a:freedesktop:libinput:-
Freedesktop » Libinput » Version: 1.18.2

cpe:2.3:a:freedesktop:libinput:1.18.2
Freedesktop » Libinput » Version: 1.19.0

cpe:2.3:a:freedesktop:libinput:1.19.0
Freedesktop » Libinput » Version: 1.19.1

cpe:2.3:a:freedesktop:libinput:1.19.1
Freedesktop » Libinput » Version: 1.19.2

cpe:2.3:a:freedesktop:libinput:1.19.2
Freedesktop » Libinput » Version: 1.19.3

cpe:2.3:a:freedesktop:libinput:1.19.3
Freedesktop » Libinput » Version: 1.19.4

cpe:2.3:a:freedesktop:libinput:1.19.4
Freedesktop » Libinput » Version: 1.20.0

cpe:2.3:a:freedesktop:libinput:1.20.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-50292

Products

Pricing

Contact Us