CVE-2026-34078

Flatpak has a complete sandbox escape leading to host file access and code execution in the host context

CVSS 9.3 CRITICAL · EPSS 1.6% · CWE-61
In short

Flatpak's sandbox can be bypassed by tricking it into mounting arbitrary host files through specially crafted symlinks, allowing an app to access any file on the host and execute code in the host context, outside the sandbox.

Technical detail

CWE-61 (UNIX symlink following) in the Flatpak portal: the sandbox-expose options accept paths that can be app-controlled symlinks resolving to arbitrary host paths. The resolved host path is mounted into the sandbox without proper validation, which gives the app access to arbitrary host files and a primitive for code execution in the host context. Versions prior to 1.16.4 are affected.

Summary generated and translated by AI from the official description.
Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
flatpak · flatpak
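
To check a host against the fixed release named above, the following added example (not part of the advisory or of Flatpak itself) classifies the line printed by `flatpak --version`. The function names are hypothetical, and the `Flatpak X.Y.Z` output format is assumed.

```shell
#!/bin/sh
# Added example: compare a Flatpak version with the fixed release from the advisory.
FIXED_VERSION="1.16.4"   # "This vulnerability is fixed in 1.16.4"

# version_lt A B: succeed when dotted version A is strictly older than B.
# Components are compared as integers, so 1.9 sorts before 1.16.
version_lt() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        ca=${va%%.*}; cb=${vb%%.*}
        # Drop the component just read; nothing is left once the last dot is gone.
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        # Keep only leading digits (ignores suffixes such as "-rc1"); missing means 0.
        ca=${ca%%[!0-9]*}; cb=${cb%%[!0-9]*}
        ca=${ca:-0}; cb=${cb:-0}
        [ "$ca" -lt "$cb" ] && return 0
        [ "$ca" -gt "$cb" ] && return 1
    done
    return 1   # equal versions are not "older"
}

# flatpak_status LINE: print "affected", "fixed" or "unknown" for a version line.
flatpak_status() {
    ver=${1#Flatpak }
    case $ver in
        [0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo affected
    else
        echo fixed
    fi
}

# Report on the local install only when flatpak is present on this host.
if command -v flatpak >/dev/null 2>&1; then
    echo "installed flatpak: $(flatpak_status "$(flatpak --version)")"
fi
```

Distribution packages can carry backported fixes under an older upstream version number, so an "affected" result should be confirmed against the distribution's own advisory.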
