10
CVE-2026-34078
- EPSS 1.68%
- Veröffentlicht 07.04.2026 21:27:45
- Zuletzt bearbeitet 06.07.2026 13:16:40
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Flatpak has a complete sandbox escape leading to host file access and code execution in the host context
Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.68% | 0.74 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
| security-advisories@github.com | 9.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 9 | 2.3 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
|
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CWE-61 UNIX Symbolic Link (Symlink) Following
The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://github.com/flatpak/flatpak/security/advisories/GHSA-cc2q-qc34-jprg
http://www.openwall.com/lists/oss-security/2026/04/09/8
http://www.openwall.com/lists/oss-security/2026/04/10/14
https://access.redhat.com/errata/RHSA-2026:21755
https://access.redhat.com/errata/RHSA-2026:21756
https://access.redhat.com/errata/RHSA-2026:21757
https://access.redhat.com/errata/RHSA-2026:23417
https://access.redhat.com/errata/RHSA-2026:23418
https://access.redhat.com/errata/RHSA-2026:23419
https://access.redhat.com/errata/RHSA-2026:23420
https://access.redhat.com/errata/RHSA-2026:25068
https://access.redhat.com/errata/RHSA-2026:25381
https://access.redhat.com/errata/RHSA-2026:30901
https://access.redhat.com/security/cve/CVE-2026-34078
https://bugzilla.redhat.com/show_bug.cgi?id=2456276
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34078.json
https://access.redhat.com/errata/RHSA-2026:35843