CVE-2026-34079

Name of the Vulnerable Software and Affected Versions Flatpak versions prior to 1.16.4

Description Flatpak, a Linux application sandboxing and distribution framework, contained a flaw where the caching mechanism for ld.so did not adequately verify that an application-controlled path to an outdated cache resided within the cache directory. This allowed Flatpak applications to delete arbitrary files on the host system.

Recommendations Update to Flatpak version 1.16.4 or later.