diff --git a/pam-bsc1194818-cursor-escape.patch b/pam-bsc1194818-cursor-escape.patch
new file mode 100644
index 0000000..c2d46e0
--- /dev/null
+++ b/pam-bsc1194818-cursor-escape.patch
@@ -0,0 +1,38 @@
+https://github.com/linux-pam/linux-pam/pull/816
+
+From d52c44fa6e70f3c1420feceafe48dcba10bee51e Mon Sep 17 00:00:00 2001
+From: Stanislav Brabec <sbrabec@suse.cz>
+Date: Mon, 22 Jul 2024 23:18:16 +0200
+Subject: [PATCH] libpam_misc: Use ECHOCTL in the terminal input
+
+Use the canonical terminal mode (line mode) and set ECHOCTL to prevent
+cursor escape from the login prompt using arrows or escape sequences.
+
+ICANON is the default in most cases anyway. ECHOCTL is default on tty, but
+for example not on pty, allowing cursor to escape.
+
+Stanislav Brabec <sbrabec@suse.com>
+---
+ libpam_misc/misc_conv.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c
+index 7410e929..6b839b48 100644
+--- a/libpam_misc/misc_conv.c
++++ b/libpam_misc/misc_conv.c
+@@ -145,9 +145,10 @@ static int read_string(int echo, const char *prompt, char **retstr)
+ 	    return -1;
+ 	}
+ 	memcpy(&term_tmp, &term_before, sizeof(term_tmp));
+-	if (!echo) {
++	if (echo)
++	    term_tmp.c_lflag |= ICANON | ECHOCTL;
++	else
+ 	    term_tmp.c_lflag &= ~(ECHO);
+-	}
+ 	have_term = 1;
+ 
+ 	/*
+-- 
+2.45.2
+
diff --git a/pam.changes b/pam.changes
index cfad22d..a40057b 100644
--- a/pam.changes
+++ b/pam.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Jul 22 21:31:47 UTC 2024 - Stanislav Brabec <sbrabec@suse.com>
+
+- Prevent cursor escape from the login prompt [bsc#1194818]
+  * Added: pam-bsc1194818-cursor-escape.patch
+
 -------------------------------------------------------------------
 Wed Apr 10 07:12:02 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
 
diff --git a/pam.spec b/pam.spec
index 75915f7..8c9a480 100644
--- a/pam.spec
+++ b/pam.spec
@@ -96,6 +96,8 @@ Source22:       postlogin-account.pamd
 Source23:       postlogin-password.pamd
 Source24:       postlogin-session.pamd
 Patch1:         pam-limit-nproc.patch
+# https://github.com/linux-pam/linux-pam/pull/816
+Patch2:         pam-bsc1194818-cursor-escape.patch
 BuildRequires:  audit-devel
 BuildRequires:  bison
 BuildRequires:  flex