CVE-2026-34078
published 2026-04-07


Priority: P268critical10 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 1.68% (74.0th percentile)
Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.
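The defensive check this description implies, resolving symlinks before testing that the target stays inside the per-app directory, as an added example written for this page (not Flatpak's own code or its 1.16.4 fix; the per-app directory, file names and the "escape" symlink are constructed):

```python
import os
import tempfile
from pathlib import Path
from typing import Optional


def resolve_expose_path(app_root: str, requested: str) -> Optional[str]:
    """Return the host path that may be mounted for a sandbox-expose request,
    or None if the request must be refused.

    app_root stands in for the app-writable directory from which exposed
    files are taken (an assumption for this example). Symlinks are resolved
    first, because the run step mounts the *resolved* host path; the
    resolved path must then still lie under app_root, so an app-controlled
    link to /etc, /, or a parent directory is rejected instead of mounted.
    """
    root = Path(app_root).resolve(strict=True)
    # Treat the request as relative to root even if it starts with "/".
    candidate = (root / requested.lstrip("/")).resolve(strict=False)
    # Containment: candidate is root itself or has root among its parents.
    if candidate != root and root not in candidate.parents:
        return None
    return str(candidate)


def build_fixture() -> str:
    """Construct a temporary per-app directory (test data for this example):
    one regular file, one relative symlink to it, and one symlink that
    escapes the tree the way the advisory describes."""
    d = tempfile.mkdtemp(prefix="expose-demo-")
    Path(d, "notes.txt").write_text("legit shared file\n")
    os.symlink("notes.txt", os.path.join(d, "alias"))   # stays inside
    os.symlink("/etc", os.path.join(d, "escape"))       # points outside
    return d


if __name__ == "__main__":
    app_dir = build_fixture()
    for name in ("notes.txt", "alias", "escape", "escape/passwd", "../../etc"):
        verdict = resolve_expose_path(app_dir, name)
        print(f"{name:14s} -> {'REJECT' if verdict is None else verdict}")
```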

Affected

3 ranges

Vendor    Product   Version range                  Fixed in
debian    flatpak   < flatpak 1.16.4-1 (sid)       flatpak 1.16.4-1 (sid)
flatpak   flatpak   < 1.16.4                       1.16.4
flatpak   flatpak   <= 1.16.3                      (none listed)

Detection & IOCs (extracted from sources)

  • The Flatpak portal accepts paths in sandbox-expose options that are app-controlled symlinks; monitor for symlink-based path traversal attempts in Flatpak portal sandbox-expose option handling, where resolved host paths outside the expected sandbox boundary are mounted into the sandbox.
  • Detect exploitation by monitoring for Flatpak sandbox processes gaining read/write access to arbitrary host filesystem paths (outside their expected sandbox root), which would indicate successful symlink-based sandbox escape.
  • Flag Flatpak installations running versions prior to 1.16.4 as vulnerable; patch to 1.16.4 or later (e.g., flatpak-1.16.6-1.fc42/fc43 for Fedora, 1.16.4-1 for Debian sid).
  • The vulnerability is exploitable locally by a malicious sandboxed Flatpak application; no network-based attack vector is present. Scope is local.
  • Red Hat states no mitigation meeting their criteria is currently available for affected RHEL packages (7, 8, 9, 10); patching to 1.16.4+ is the only fix.
  • Debian bookworm, bullseye, forky, and trixie remain open/unpatched as of the tracker snapshot; only sid is resolved with 1.16.4-1.

CVSS provenance

nvd (v3.1): 10.0 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd (v4.0): 9.3 CRITICAL, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv: 9.3 CRITICAL
vendor_debian: 9.3 CRITICAL
vendor_redhat: 9.3 CRITICAL