Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
Security Fix(es):
flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options (CVE-2026-34078)
flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation (CVE-2026-34079)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
0:1.12.9-4.el8_10
Exploitability: AV:N, AC:L, PR:L, UI:R
Scope: S:C
Impact: C:H, I:H, A:H
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H