A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVE_CMD properties that are executed when a device is removed. This vulnerability allows an attacker to gain elevated privileges on the system.
This CVE has been withdrawn by MITRE
MITRE marked CVE-2026-50265 as REJECTED on . It is no longer considered a valid vulnerability record. The original content below is preserved for historical reference only.
This CVE ID was assigned as a duplicate of CVE-2026-50292
CVE-2026-50265
Score 7.0 from GitHub Security Advisory (severity: HIGH) published 2026-06-05. NVD baseline CVSS 7.0; sources differ by 0.0.
- High severity, but no confirmed exploitation yet
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 7.0
- EG Score
- 7.0(low)
- EPSS
- 5.3%
- KEV
- Not listed
Published
June 5, 2026
Last Modified
June 5, 2026
Advisory Details (3)
Auto-updated Jun 12, 2026oss-security - Re: libinput: libinput-device-group unescaped phys output can inject udev properties
http://www.openwall.com/lists/oss-security/2026/06/04/162485390 – (CVE-2026-50292) CVE-2026-50292 libinput: local privilege escalation via crafted uinput devices
https://bugzilla.redhat.com/show_bug.cgi?id=2485390Vendor Advisories for CVE-2026-50265(2)
These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
Weakness Classification(1)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Frequently asked(5)
What is CVE-2026-50265?
When was CVE-2026-50265 disclosed?
Is CVE-2026-50265 actively exploited?
What is the CVSS score of CVE-2026-50265?
How do I remediate CVE-2026-50265?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2026-50265
Is Your Infrastructure Affected by CVE-2026-50265?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.