CVE-2026-34078

CWE-61CWE-599 documents7 sources
Severity
9.3CRITICAL
EPSS
0.2%
top 60.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Flatpak Flatpak
Timeline
PublishedApr 7
Latest updateApr 8

Description

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5flatpak/flatpak< 1.16.4

🔴Vulnerability Details

2
OSV
CVE-2026-34078: Flatpak is a Linux application sandboxing and distribution framework2026-04-07
CVEList
Flatpak has a complete sandbox escape leading to host file access and code execution in the host context2026-04-07

📋Vendor Advisories

2
Red Hat
flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options2026-04-07
Debian
CVE-2026-34078: flatpak - Flatpak is a Linux application sandboxing and distribution framework. Prior to 1...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-34078 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

3
Bugzilla
CVE-2026-34078 flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options [fedora-42]2026-04-08
Bugzilla
CVE-2026-34078 flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options [fedora-43]2026-04-08
Bugzilla
CVE-2026-34078 flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options2026-04-07
CVE-2026-34078 (CRITICAL CVSS 9.3) | Flatpak is a Linux application sand | cvebase.io