SUSE-SU-2026:1541-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2026:1541-1

UNKNOWN

Security update for flatpak

Published Apr 22, 2026

Modified 3 days ago

Fix available

Details

This update for flatpak fixes the following issues:

CVE-2026-34078: improper processing of app-controlled symlinks by sandbox-expose can lead to sandbox escape, host file access and code execution in the host context (bsc#1261769).
CVE-2026-34079: improper removal of outdated cache files allows for arbitrary file deletion on the host filesystem (bsc#1261770).

Affected Packages

flatpak

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP5-LTSSSUSE Linux Enterprise Server 15 SP5-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP5

Fixed in:

1.16.0-150500.3.18.1

flatpak-devel

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP5-LTSSSUSE Linux Enterprise Server 15 SP5-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP5

Fixed in:

1.16.0-150500.3.18.1

flatpak-remote-flathub

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP5-LTSSSUSE Linux Enterprise Server 15 SP5-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP5

Fixed in:

1.16.0-150500.3.18.1

flatpak-zsh-completion

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP5-LTSSSUSE Linux Enterprise Server 15 SP5-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP5

Fixed in:

1.16.0-150500.3.18.1

libflatpak0

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP5-LTSSSUSE Linux Enterprise Server 15 SP5-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP5

Fixed in:

1.16.0-150500.3.18.1

system-user-flatpak

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP5-LTSSSUSE Linux Enterprise Server 15 SP5-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP5

Fixed in:

1.16.0-150500.3.18.1

typelib-1_0-Flatpak-1_0

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP5-LTSSSUSE Linux Enterprise Server 15 SP5-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP5

Fixed in:

1.16.0-150500.3.18.1

References

https://bugzilla.suse.com/1261769

https://bugzilla.suse.com/1261770

https://www.suse.com/security/cve/CVE-2026-34078

https://www.suse.com/security/cve/CVE-2026-34079

https://www.suse.com/support/update/announcement/2026/suse-su-20261541-1/

Upstream

CVE-2026-34078 CVE-2026-34079

Related

CVE-2026-34078 CVE-2026-34079

Ecosystems

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP5

Timeline

PublishedApr 22, 2026

ModifiedApr 22, 2026