Just did a cursory read of the commits related to security for this release, and my assumpion based solely on the changes, is that it’s not a remote-access vulnerability, but a supply-chain-esque vulnerability where a video you downloaded from a questionable source might trigger code embedded in the metadata to be run by jellyfin.

That answers my question. If the USB dongle never disconnects from the machine, then I wouldn’t expect anything to show in dmesg, as the ‘sleep mode’ is likely occurring downstream of the USB dongle.

Are there any config utilities that came with it? Failing that, maybe wireshark the dongle and see if there is any sort of sleep/wake signal being passed back through to the host machine?

To clarify, you have a dongle paired with this keyboard permanently attached to the machine?