COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-34078

CVE-2026-34078

Severity
critical
Source
NVD · cve
Published
2026-04-07
CVSS
10.0
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-34078
⚡ RCE shame 50/100 rce

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This g

Players implicated

flatpak · vendorflatpak · product

Description

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.