CVE-2026-34078
CriticalCVSS 10.0Exploitation Probability (EPSS)
Elevated risk74th percentile — higher than 74% of all known CVEs
Summary
Flatpak before version 1.16.4 contains a vulnerability where the Flatpak portal accepts paths in the sandbox-expose options that can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox, giving apps access to all host files and can be used as a primitive to gain code execution in the host context.
Risk Assessment
The risk for the organization is that a malicious Flatpak application can gain unrestricted access to host system files, potentially leading to data theft, privilege escalation, and full system compromise.
Recommendation
It is recommended to immediately update Flatpak to version 1.16.4 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.

