10

CVE-2026-34078

Medienbericht

Flatpak has a complete sandbox escape leading to host file access and code execution in the host context

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FlatpakFlatpak Version <= 1.16.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.68% 0.74
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 3.9 6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
security-advisories@github.com 9.3 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 9 2.3 6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CWE-61 UNIX Symbolic Link (Symlink) Following

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
20.04.2026 16:46
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
16.04.2026 11:53
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
13.04.2026 16:21
https://github.com/flatpak/flatpak/security/advisories/GHSA-cc2q-qc34-jprg
Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/04/09/8
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2026/04/10/14
Third Party Advisory
Mailing List
https://access.redhat.com/errata/RHSA-2026:21755
https://access.redhat.com/errata/RHSA-2026:21756
https://access.redhat.com/errata/RHSA-2026:21757
https://access.redhat.com/errata/RHSA-2026:23417
https://access.redhat.com/errata/RHSA-2026:23418
https://access.redhat.com/errata/RHSA-2026:23419
https://access.redhat.com/errata/RHSA-2026:23420
https://access.redhat.com/errata/RHSA-2026:25068
https://access.redhat.com/errata/RHSA-2026:25381
https://access.redhat.com/errata/RHSA-2026:30901
https://access.redhat.com/security/cve/CVE-2026-34078
https://bugzilla.redhat.com/show_bug.cgi?id=2456276
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34078.json
https://access.redhat.com/errata/RHSA-2026:35843