PT-2026-60475 · Flatpak+1 · Flatpak+1

CVE-2026-5674

·

Published

2026-07-16

·

Updated

2026-07-16

CVSS v3.1

8.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions PipeWire (affected versions not specified)
Description PipeWire contains an uncontrolled library search path within its PulseAudio compatibility layer. This flaw allows a process running inside a sandboxed application, such as Flatpak, to load a malicious library. By exploiting this mechanism, an attacker with minimal permissions can achieve arbitrary code execution outside the sandbox, bypassing the confinement provided by Flatpak and potentially compromising the user's system.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-5674

Affected Products

Flatpak
Pipewire