Low severity 3.3 · NVD Advisory · Published Apr 1, 2026 · Updated Apr 7, 2026
CVE-2026-35094
Description
A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could potentially expose sensitive data if the memory location is re-used, leading to information disclosure. For this exploit to work, Lua plugins must be enabled in libinput and loaded by the compositor.
Affected products
- cpe:2.3:o:fedoraproject:fedora:43:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:44:*:*:*:*:*:*:*
References
- access.redhat.com/security/cve/CVE-2026-35094 (nvd: VDB Entry, Third Party Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Third Party Advisory)