CVE Catalog

CVE-2026-34078

CriticalCVSS 10.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.68%

74th percentile — higher than 74% of all known CVEs

Summary

Flatpak before version 1.16.4 contains a vulnerability where the Flatpak portal accepts paths in the sandbox-expose options that can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox, giving apps access to all host files and can be used as a primitive to gain code execution in the host context.

Risk Assessment

The risk for the organization is that a malicious Flatpak application can gain unrestricted access to host system files, potentially leading to data theft, privilege escalation, and full system compromise.

Recommendation

It is recommended to immediately update Flatpak to version 1.16.4 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS