CVE-2026-50265: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Red Hat Red Hat Enterprise Linux 10
A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVE_CMD properties that are executed when a device is removed. This vulnerability allows an attacker to gain elevated privileges on the system.
AI Analysis
Technical Summary
This vulnerability in libinput allows a local attacker with access to /dev/uinput to inject arbitrary udev properties through the libinput-device-group helper. Specifically, the attacker can exploit REMOVE_CMD properties that execute commands when a device is removed, resulting in potential root code execution. This leads to privilege escalation on Red Hat Enterprise Linux 10 systems. The CVSS 3.1 vector indicates the attack requires local access with high attack complexity and low privileges but no user interaction, impacting confidentiality, integrity, and availability at a high level. The vendor advisory does not currently specify a patch or remediation status.
Potential Impact
Successful exploitation allows a local attacker to execute arbitrary commands as root, leading to full system compromise. This includes elevated privileges from a low-privilege local account, affecting system confidentiality, integrity, and availability. No known exploits are reported in the wild, but the impact of exploitation is severe due to root code execution.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-50265 for current remediation guidance. Until an official fix is available, restrict local access to /dev/uinput to trusted users only and monitor for unusual device removal commands. Avoid running untrusted code with access to device interfaces. Follow vendor updates closely for patches or official mitigations.
CVE-2026-50265: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Red Hat Red Hat Enterprise Linux 10
Description
A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVE_CMD properties that are executed when a device is removed. This vulnerability allows an attacker to gain elevated privileges on the system.
CVSS v3.1
Score 7.0high
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in libinput allows a local attacker with access to /dev/uinput to inject arbitrary udev properties through the libinput-device-group helper. Specifically, the attacker can exploit REMOVE_CMD properties that execute commands when a device is removed, resulting in potential root code execution. This leads to privilege escalation on Red Hat Enterprise Linux 10 systems. The CVSS 3.1 vector indicates the attack requires local access with high attack complexity and low privileges but no user interaction, impacting confidentiality, integrity, and availability at a high level. The vendor advisory does not currently specify a patch or remediation status.
Potential Impact
Successful exploitation allows a local attacker to execute arbitrary commands as root, leading to full system compromise. This includes elevated privileges from a low-privilege local account, affecting system confidentiality, integrity, and availability. No known exploits are reported in the wild, but the impact of exploitation is severe due to root code execution.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-50265 for current remediation guidance. Until an official fix is available, restrict local access to /dev/uinput to trusted users only and monitor for unusual device removal commands. Avoid running untrusted code with access to device interfaces. Follow vendor updates closely for patches or official mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-06-04T14:55:24.012Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-50265","vendor":"Red Hat"}]
Threat ID: 6a22a609e29bf47b505aa2a1
Added to database: 6/5/2026, 10:33:45 AM
Last enriched: 6/5/2026, 10:48:32 AM
Last updated: 6/5/2026, 2:07:06 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.