CVE-2026-34078

UNKNOWN 0.0

Flatpak has a complete sandbox escape leading to host file access and code execution in the host context

CVSS Score

0.0

EPSS Score

0.2%

EPSS Percentile

36th

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.

CWE	CWE-61
Vendor	flatpak
Product	flatpak
Published	Apr 7, 2026
Last Updated	Apr 11, 2026

Stay Ahead of the Next One

Get instant alerts for flatpak flatpak

Be the first to know when new unknown vulnerabilities affecting flatpak flatpak are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

flatpak / flatpak

< 1.16.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/flatpak/flatpak/security/advisories/GHSA-cc2q-qc34-jprg openwall.com: http://www.openwall.com/lists/oss-security/2026/04/09/8 openwall.com: http://www.openwall.com/lists/oss-security/2026/04/10/14