HIGH🇬🇧 English

CVE-2026-34079

CVSS 8.7v4.0pub. 2026-04-07upd. 2026-04-17

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on the host. This vulnerability is fixed in 1.16.4.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Flatpak

    APP
    Flatpak
    < 1.16.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2026-34078CRITICAL9.3PL ✓ten sam produkt

Flatpak: path traversal przez symlinki umożliwia RCE na hoście

CVE-2024-42472CRITICAL10.0PL ✓ten sam produkt

Flatpak: ucieczka z sandbox przez symlink w katalogu persistent

CVE-2023-28100CRITICAL10.0ten sam produkt

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions ...

CVE-2019-10063CRITICAL9.0ten sam produkt

Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak ve...

CVE-2024-32462HIGH8.4ten sam produkt

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versio...