{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34078", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-25T16:21:40.868Z", "datePublished": "2026-04-07T21:27:45.643Z", "dateUpdated": "2026-04-08T15:39:14.338Z"}, "containers": {"cna": {"title": "Flatpak has a complete sandbox escape leading to host file access and code execution in the host context", "problemTypes": [{"descriptions": [{"cweId": "CWE-61", "lang": "en", "description": "CWE-61: UNIX Symbolic Link (Symlink) Following", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/flatpak/flatpak/security/advisories/GHSA-cc2q-qc34-jprg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-cc2q-qc34-jprg"}], "affected": [{"vendor": "flatpak", "product": "flatpak", "versions": [{"version": "< 1.16.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T21:27:45.643Z"}, "descriptions": [{"lang": "en", "value": "Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4."}], "source": {"advisory": "GHSA-cc2q-qc34-jprg", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T15:39:00.892192Z", "id": "CVE-2026-34078", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T15:39:14.338Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34078", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-25T16:21:40.868Z", "datePublished": "2026-04-07T21:27:45.643Z", "dateUpdated": "2026-04-08T15:39:14.338Z"}, "containers": {"cna": {"title": "Flatpak has a complete sandbox escape leading to host file access and code execution in the host context", "problemTypes": [{"descriptions": [{"cweId": "CWE-61", "lang": "en", "description": "CWE-61: UNIX Symbolic Link (Symlink) Following", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/flatpak/flatpak/security/advisories/GHSA-cc2q-qc34-jprg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-cc2q-qc34-jprg"}], "affected": [{"vendor": "flatpak", "product": "flatpak", "versions": [{"version": "< 1.16.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T21:27:45.643Z"}, "descriptions": [{"lang": "en", "value": "Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4."}], "source": {"advisory": "GHSA-cc2q-qc34-jprg", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34078", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-08T15:39:00.892192Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T15:39:09.938Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4."}], "id": "CVE-2026-34078", "lastModified": "2026-04-08T21:27:00.663", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-07T22:16:21.930", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-cc2q-qc34-jprg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-61"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options", "id": "2456276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456276"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-59", "details": ["A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. A malicious application could exploit this by using specially crafted symlinks within the sandbox-expose options of the Flatpak portal. This allows the application to access arbitrary host files and potentially achieve code execution on the host system, bypassing the intended security sandbox."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-34078", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "flatpak", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "flatpak", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "flatpak", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-07T21:27:45Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-34078\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-34078\nhttps://github.com/flatpak/flatpak/security/advisories/GHSA-cc2q-qc34-jprg"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.16.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "flatpak", "source": "cna", "vendor": "flatpak"}, "product": "flatpak", "vendor": "flatpak"}], "analysis": {"en": {"generated_at": "2026-04-08T13:22:29.666123+00:00", "value": {"mitigation_remediation": ["Upgrade Flatpak to version 1.16.4 or later.", "Disable or restrict use of the sandbox-expose portal options if not needed.", "Verify that all Flatpak applications use the latest version before deployment."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All installations of Flatpak using the Flatpak portal preceding version 1.16.4 are affected. Users of the flatpak:flatpak product that rely on sandbox-expose feature must verify their current version and update. No other vendors or products are listed as impacted.", "description_and_impact": "The vulnerability allows an application running within a Flatpak sandbox to escape the confinement by creating symlinks that resolve to arbitrary host paths when passed to the sandbox-expose options. Once the host paths are mounted, the app gains unrestricted read and write access to all files on the host system and may execute code in the host context. This represents a significant compromise of confidentiality, integrity, and availability of the host environment. The weakness aligns with path traversal (CWE\u201159) and file inclusion (CWE\u201161).", "risk_and_exploitability": "The CVSS score of 9.3 classifies the flaw as critical, and while an EPSS score is not publicly available, the design of SandBox can be abused by any app that can be run locally by the user, implying a high likelihood of exploitation. The flaw is not listed in KEV, suggesting it may not yet be commonly exploited in the wild. The attack vector is inferred to be local, requiring an attacker to run a malicious or compromised Flatpak application that utilizes sandbox-expose. If such an app is executed, it can reach host files and potentially run code on the host."}}}}, "created": "2026-04-08T19:34:05.176252+00:00", "updated": "2026-04-08T19:45:31.288329+00:00", "vendors": ["flatpak", "flatpak$PRODUCT$flatpak"]}