libinput vulnerability

The libinput vulnerability tag covers CVE-2026-50292, a root-level remote code execution flaw in the Linux input stack disclosed in June 2026 and fixed in libinput 1.30.4 and 1.31.3. The bug involves unescaped physical device information abused through udev handling, allowing arbitrary code execution as root on affected Linux systems. While Windows does not ship libinput, the vulnerability is relevant to Windows administrators managing mixed estates or Linux workloads, as Microsoft's MSRC Update Guide now tracks risks affecting the broader software supply chain. This tag highlights how endpoint security must consider cross-platform dependencies and the importance of patching Linux components in hybrid environments.