The core of modern Linux input handling is facing a significant security challenge. libinput, the essential library that manages everything from mouse clicks to touchpad gestures for display servers, has been hit by two distinct vulnerabilities. The most severe of these, a sandbox escape, could allow attackers to bypass security restrictions and execute code at the process’s privilege level.
The first vulnerability is tracked as CVE-2026-35093. At the heart of the issue is the libinput plugin system. While it was designed to restrict Lua plugins to basic logging and to prevent unauthorized I/O, a critical flaw was found in the system's loader.
The vulnerability, which carries a CVSS score of 8.8, stems from the way plugins are loaded:
“A bug in the plugin system loader allowed for precompiled byte-code to be loaded. This bytecode is not verified at runtime and thus not restricted by the sandbox”.
For an attacker, this is an open door. By deploying a malicious Lua plugin, they can bypass the intended restrictions and perform “basically anything Lua allows”. Depending on the user’s privileges, this could grant an intruder unrestricted access to the machine.
The second vulnerability, tracked as CVE-2026-35094, is a use-after-free issue with a lower CVSS score of 3.3. This flaw occurs when a plugin calls Lua's garbage-collection finalizer, __gc().
According to the report, this action “left a dangling pointer in the device’s name which could be printed to the log”. While less critical than a full sandbox escape, this could still lead to “sensitive information being exposed” depending on what remains in that memory location.
The reach of these vulnerabilities depends heavily on how your Linux distribution and compositor handle plugins. Versions 1.31.0 and 1.30.0 through 1.30.2 are affected.
- Compositors at Risk: Currently, GNOME 50’s mutter, KWin (git), and Niri (git) are known to load these plugins.
- Safe Compositors: Users of wlroots, sway, and river are currently not affected.
- Distributions: Fedora 43 and 44 are explicitly mentioned as affected because they enable a specific “autoload-plugins” option. Other major distros like Ubuntu, Debian, and Arch are generally safer as they do not set this flag or use older versions of the library.
The good news for system administrators and users is that patches are already available. To secure your system, you should update to the following versions as soon as possible:
- libinput 1.31.1
- libinput 1.30.3
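As an added, defender-side example (not code from libinput or from the advisory), the following Python script ties together the two facts above: it flags an installed libinput in the affected ranges and scans plugin files for Lua's precompiled-chunk signature, the bytecode the loader accepted without verification. The plugin directories are assumptions; adjust them for your distribution.

```python
"""Defender-side checks for the libinput Lua plugin loader issue (CVE-2026-35093).

1. Is the installed libinput in an affected range (1.30.0-1.30.2, 1.31.0)?
2. Does any Lua plugin file start with Lua's precompiled-chunk signature
   (ESC 'L' 'u' 'a'), i.e. bytecode rather than source text?
Plugin directories are assumptions, not taken from the advisory.
"""
import os
import tempfile
from pathlib import Path

# Every Lua precompiled chunk begins with this 4-byte header (LUA_SIGNATURE).
LUA_BYTECODE_SIGNATURE = b"\x1bLua"
# Affected ranges from the advisory; fixed in 1.30.3 and 1.31.1.
AFFECTED = [((1, 30, 0), (1, 30, 2)), ((1, 31, 0), (1, 31, 0))]
# Assumed locations; adjust for your distribution.
PLUGIN_DIRS = ["/usr/lib/libinput/plugins", "/etc/libinput/plugins"]


def parse_version(text):
    """'1.30.2' -> (1, 30, 2); tolerates suffixes like '1.31.0-1'."""
    core = text.strip().split()[0].split("-")[0]
    return tuple(int(p) for p in core.split("."))


def is_affected_version(version):
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED)


def is_precompiled_lua(data):
    """True when the chunk is binary bytecode, not Lua source text."""
    return data[:4] == LUA_BYTECODE_SIGNATURE


def scan_plugin_dir(directory):
    """Return paths of *.lua files in `directory` that carry bytecode."""
    return [str(p) for p in sorted(Path(directory).glob("*.lua"))
            if is_precompiled_lua(p.read_bytes()[:4])]


def build_demo_dir():
    """Constructed sample plugins: one source file, one bytecode-headed file."""
    d = tempfile.mkdtemp(prefix="libinput-demo-")
    Path(d, "ok.lua").write_bytes(b"-- plain Lua source plugin\n")
    Path(d, "bad.lua").write_bytes(LUA_BYTECODE_SIGNATURE + b"\x54\x00\x19\x93")
    return d


if __name__ == "__main__":
    for d in [p for p in PLUGIN_DIRS if os.path.isdir(p)] + [build_demo_dir()]:
        for hit in scan_plugin_dir(d):
            print("precompiled Lua plugin found:", hit)
```

Pair the scan with the version check by feeding it the output of `libinput --version`; any hit on a live plugin directory deserves the same treatment as an unknown root-level binary.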
The community is also urged to audit any utilities run as root that utilize libinput, as these could provide an even higher-value target for exploitation.