LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-35093

CVE-2026-35093 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: April 1, 2026

libinput - Authentication Bypass

Published: April 1, 2026Updated: April 1, 2026

Overview

libinput contains a code execution vulnerability caused by processing specially crafted Lua bytecode files in configuration directories, letting local attackers run unauthorized code with program permissions, exploit requires local file placement.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Local attackers can execute unauthorized code with program permissions, potentially leading to input monitoring and data exfiltration.

Mitigation

Update to the latest version of libinput.

References

Social Media Activity(4 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Apr 1, 2026

šŸŸ  CVE-2026-35093 - High (8.8) A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the sam... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-35093/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Apr 1, 2026

šŸŸ  CVE-2026-35093 - High (8.8) A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the sam... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-35093/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Apr 1, 2026

šŸŸ  CVE-2026-35093 - High (8.8) A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the sam... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-35093/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Apr 1, 2026

šŸŸ  CVE-2026-35093 - High (8.8) A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the sam... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-35093/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-35093
Severity
High
CVSS Score
8.8
Type
insecure_deserialization
Status
unconfirmed
EPSS
0.0%
Social Posts
4

CWE

  • CWE-94

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.0%Probability of exploitation in the next 30 days