PT-2026-31024 · Flatpak · Flatpak
Published 2026-04-07 · Updated 2026-04-07 · CVE-2026-34078
CVSS v4.0: 9.3 (Critical)
AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Flatpak versions prior to 1.16.4
Description
Flatpak, a Linux application sandboxing and distribution framework, allowed symlink traversal through the 'sandbox-expose' options of the Flatpak portal in versions before 1.16.4. A sandboxed application could supply symlinks pointing to arbitrary paths, and the portal mounted the resolved host paths into the sandbox instead of rejecting them. As a result, applications could gain access to host files and potentially achieve code execution in the host context.
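The defensive check the description implies is path confinement after symlink resolution: a path an untrusted party asks to expose must be resolved (symlinks followed) and then verified to still lie inside the directory that party is allowed to share. The following is an added illustration of that class of check, written for this page; it is not Flatpak's code and does not claim to reproduce the 1.16.4 fix. The `resolve_within` function and the constructed `app`/`host` directory layout are assumptions for the example.

```python
import os
import tempfile
from typing import Optional


def resolve_within(root: str, requested: str) -> Optional[str]:
    """Resolve `requested` (relative to `root`), following symlinks and `..`,
    and return the real path only if it still lies inside the real `root`.
    Returns None when the resolved target escapes `root`."""
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, requested))
    try:
        common = os.path.commonpath([real_root, candidate])
    except ValueError:
        # mixing absolute and relative paths, or different drives: treat as escape
        return None
    if common != real_root:
        return None
    return candidate


def demo() -> dict:
    """Constructed layout: <tmp>/app is the directory the sandboxed app may
    expose; <tmp>/host stands in for host files the app must not reach."""
    with tempfile.TemporaryDirectory() as tmp:
        app = os.path.join(tmp, "app")
        host = os.path.join(tmp, "host")
        os.makedirs(app)
        os.makedirs(host)
        with open(os.path.join(host, "secret"), "w") as f:
            f.write("host-only")
        with open(os.path.join(app, "data.txt"), "w") as f:
            f.write("app-owned")
        # app-controlled symlink pointing outside its own directory
        os.symlink(os.path.join(host, "secret"), os.path.join(app, "escape"))
        # app-controlled symlink that stays inside its own directory
        os.symlink("data.txt", os.path.join(app, "inside"))
        return {
            "plain": resolve_within(app, "data.txt") is not None,
            "inside_link": resolve_within(app, "inside") is not None,
            "escape_link": resolve_within(app, "escape") is None,
            "dotdot": resolve_within(app, "../host/secret") is None,
        }


if __name__ == "__main__":
    print(demo())
```

The check resolves before comparing, so a symlink that points out of the allowed directory is rejected the same way a literal `../` is. Note the caveat for anything that later mounts or opens the path: a resolve-then-use sequence leaves a window in which the link can be swapped, so a production implementation should perform the resolution and the subsequent open or mount on the same file descriptor rather than on a path string.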
Recommendations
Update to Flatpak version 1.16.4 or later.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Flatpak