CVE-2026-34078 in Flatpakالمعلومات

الملخص

بحسب MITRE • 08/04/2026

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

25/03/2026

إفشاء

08/04/2026

الاعتدال

تمت الموافقة

إدخال

VDB-355976

CPE

جاهز

CWE

CWE-61 (مؤكد)

CVSS

9.8 (VulDB)

EPSS

0.00050

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-34078
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-34078
CVE Details	https://www.cvedetails.com/cve/CVE-2026-34078/

التالي ▸نظرة عامة ◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!