Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Libinput Hit By Worrying Security Issues With Its Lua Plug-In System

Written by Michael Larabel in Desktop on 2 April 2026 at 12:00 AM EDT. 35 Comments

DESKTOP

Libinput devised a Lua-based plug-in system for modifying devices/events. The Lua plug-in support was introduced last year with libinput 1.30 but unfortunately some security issues have now come to light with the implementation.

These Lua plug-in issues are all the more pressing with libinput being widely used on both X.Org and Wayland based Linux desktops for input handling.

CVE-2026-35093 was made public tonight as a sandbox escape in libinput plug-ins. A bug within libinput's loader allowed for pre-compiled byte code to be loaded without any verification at run-time. Thus via a Lua plug-in for libinput it was possible to have unrestricted access to the system to the full potential that Lua allows. The bytecode is executed at the process' privilege level with unrestricted system access.

CVE-2026-35094 was also made public as a use-after-free vulnerability for libinput plug-ins.

More details on these libinput security issues via today's advisory. As a result of these disclosures, libinput 1.31.1 and libinput 1.30.3 have been released with security fixes for these vulnerabilities.

35 Comments

Related News

LXQt 2.4 Released With More Wayland Fixes/Improvements

XDG-Desktop-Portal 1.20.4 Released To Protect Against Apps Trashing Arbitrary Host Files

FreeRDP 3.24 Released With Security Fixes & Improved X11 Client Support

Budgie 10.10.2 Brings Improved Labwc Wayland Compositor Integration

COSMIC Epoch 1.0.8 Released With More Desktop Refinements

Libinput 1.31 Released With Configurable Timeouts, Fast 3-Finger Swipes

About The Author

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

The "NTFS Resurrection" Has Occurred For Linux 7.1

Linux 7.0 Released With New Hardware Support, Optimizations & Self-Healing XFS

Mozilla Announces "Thunderbolt" As An Open-Source, Enterprise AI Client

Linus Torvalds Rejects Performance Fix "Hack" & Kconfig "Terrible Things" For Linux 7.1

CachyOS Rolls Out A Super-Charged Linux 7.0 Kernel

Proton 11.0 Beta Released With More Games Playable On Steam Play

Linux Begins Removing Support For Russia's Baikal CPUs

Fedora 44 Will Not Be Released Next Week