PT-2026-31025 · Flatpak+1

Published: 2026-04-07 · Updated: 2026-05-28 · CVE-2026-34079

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Flatpak versions prior to 1.16.4

Description

Flatpak, a Linux application sandboxing and distribution framework, contained a flaw where the caching mechanism for ld.so did not adequately verify that an application-controlled path to an outdated cache resided within the cache directory. This allowed Flatpak applications to delete arbitrary files on the host system.

Recommendations

Update to Flatpak version 1.16.4 or later.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

ALSA-2026:21755
ALSA-2026:21756
ALSA-2026:21757
BDU:2026-05832
CVE-2026-34079
OPENSUSE-SU-2026:10541-1
SUSE-SU-2026:1511-1
SUSE-SU-2026:1541-1
SUSE-SU-2026:1600-1

Affected Products

Flatpak
Rocky Linux