Tag
high
advisory
Libinput Code Injection Vulnerability via Malicious Lua Bytecode (CVE-2026-35093)
3 rules 6 TTPs 1 CVEA local attacker can exploit CVE-2026-35093 in libinput by placing a specially crafted Lua bytecode file in configuration directories, allowing arbitrary code execution with the privileges of the application using libinput.
libinput
code-injection
lua
cve-2026-35093
3r
6t
1c
high
advisory
Contour HTTPProxy Lua Code Injection via Cookie Path Rewrite
2 rules 3 TTPsContour's Cookie Rewriting feature is vulnerable to Lua code injection; an attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in the `spec.routes[].cookieRewritePolicies[].pathRewrite.value` or `spec.routes[].services[].cookieRewritePolicies[].pathRewrite.value` fields, resulting in arbitrary code execution in the Envoy proxy.
Contour
lua
code-injection
httpproxy
cve-2026-41246
2r
3t