CVE-2026-2604

MEDIUM 5.6

Evolution-data-server: evolution data server: arbitrary file deletion via inconsistent uri handling

CVSS Score

5.6

EPSS Score

0.0%

EPSS Percentile

0th

A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or modification. Later, during contact deletion, the URI is processed with a less strict check, leading to the deletion of arbitrary files on the host filesystem. This could potentially include critical Flatpak override files.

CWE	CWE-73
Vendor	gnome
Product	evolution data server
Published	Jun 16, 2026
Last Updated	Jun 16, 2026

Stay Ahead of the Next One

Get instant alerts for gnome evolution data server

Be the first to know when new medium vulnerabilities affecting gnome evolution data server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

Low

Affected Versions

GNOME / Evolution Data Server

0 < 3.59.3

Red Hat / Red Hat Enterprise Linux 10

All versions affected

Red Hat / Red Hat Enterprise Linux 6

All versions affected

Red Hat / Red Hat Enterprise Linux 7

All versions affected

Red Hat / Red Hat Enterprise Linux 8

All versions affected

Red Hat / Red Hat Enterprise Linux 9

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-2604 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2440301 gitlab.gnome.org: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/627 lists.debian.org: https://lists.debian.org/debian-lts-announce/2026/03/msg00007.html

Credits

Red Hat would like to thank Codean Labs for reporting this issue.