CVE ID :CVE-2026-35094 Published : April 1, 2026, 2:16 p.m. | 25 minutes ago Description :A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could potentially expose sensitive data if the memory location is re-used, leading to information disclosure. For this exploit to work, Lua plugins must be enabled in libinput and loaded by the compositor. Severity: 3.3 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...