Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session.CreditsMatthias Gerstner of SUSEReferenceshttps://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66005https://security.opensuse.org/2026/01/09/inputplumber-lack-of-dbus-auth.html
