CVE-2026-34078
EUVD-2026-19970 | 07.04.2026, 22:16
Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.
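The root cause described above is a path that is taken from the app and mounted after symlink resolution, without checking where it resolved to. The following is an added illustration of the defensive check (it is not Flatpak's code and does not reproduce its fix): `expose_unchecked` mirrors the flawed behaviour of resolving and trusting the path, `resolve_within_root` rejects any path whose resolved form leaves the directory the app is allowed to expose. The directory layout and the helper names are constructed for the example.

```python
import os
import tempfile
from typing import Optional


def expose_unchecked(candidate: str) -> str:
    """Flawed pattern: resolve the app-supplied path and use the result as the
    host path to mount, trusting wherever the symlink chain leads."""
    return os.path.realpath(candidate)


def resolve_within_root(candidate: str, allowed_root: str) -> Optional[str]:
    """Safe pattern: resolve every symlink first, then require that the final
    host path still lies inside allowed_root. Returns None if it escaped."""
    root = os.path.realpath(allowed_root)
    resolved = os.path.realpath(candidate)
    # commonpath is on the resolved strings, so a symlink cannot dodge the check
    if os.path.commonpath([root, resolved]) != root:
        return None
    return resolved


def demo() -> dict:
    """Build a constructed host layout: an app directory that contains an honest
    subdirectory and a symlink pointing outside it, then run both patterns."""
    with tempfile.TemporaryDirectory() as host:
        app_dir = os.path.join(host, "app-data")        # what the app may expose
        secret_dir = os.path.join(host, "host-secrets")  # outside the app's scope
        honest = os.path.join(app_dir, "exports")
        os.makedirs(honest)
        os.makedirs(secret_dir)
        link = os.path.join(app_dir, "escape")
        os.symlink(secret_dir, link)  # app-controlled symlink, as in the CVE

        return {
            # flawed pattern follows the symlink straight to the host directory
            "unchecked_follows_symlink": expose_unchecked(link)
            == os.path.realpath(secret_dir),
            # checked pattern keeps the honest path and rejects the symlink
            "checked_accepts_honest": resolve_within_root(honest, app_dir)
            == os.path.realpath(honest),
            "checked_rejects_symlink": resolve_within_root(link, app_dir) is None,
        }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```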
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| flatpak | flatpak | x ≤ 1.16.3 |

x = vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE products (no per-release status listed):

- flatpak
- flatpak-devel
- flatpak-remote-flathub
- flatpak-zsh-completion
- libflatpak0
- system-user-flatpak
- typelib-1_0-Flatpak-1_0