CVE-2026-50292

ADVISORY - nist

Summary

In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution

EPSS Score⁠: 0.00297 (0.211)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-93⁠

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Impacted images

Advisories

NIST

CREATED

17 days ago

UPDATED

16 days ago

ADVISORY IDCVE-2026-50292⁠

EXPLOITABILITY SCORE

1.4

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-93⁠

CVSS SCORE

7.4high

Alpine

CREATED

15 days ago

UPDATED

15 days ago

ADVISORY IDCVE-2026-50292⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

16 days ago

UPDATED

9 days ago

ADVISORY IDCVE-2026-50292⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

16 days ago

UPDATED

13 days ago

ADVISORY IDCVE-2026-50292⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

9.8medium