MGASA-2026-0133 Updated flatpak packages fix security vulnerabilities

Complete sandbox escape leading to host file access and code execution in the host context. CVE-2026-34078 Arbitrary file deletion on the host filesystem. CVE-2026-34079...

MGASA-2022-0131 Updated flatpak packages fix security vulnerability

Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a null byte in the metadata file of an app. CVE-2021-43860 Path traversal vulnerability CVE-2022-21682 Vario...

MGASA-2021-0486 Updated flatpak packages fix security vulnerability

Flatpak apps with direct access to AFUNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process, by manipulating the VFS using recent mount-related...

MGASA-2021-0143 Updated flatpak packages fix security vulnerabilities

Sandbox escape where a malicious application can execute code outside the sandbox by controlling the environment of the "flatpak run" command when spawning a sub-sandbox CVE-2021-21261. A potential attack where a flatpak application could use custom formatted .desktop files to gain access to file...

MGASA-2021-0145 Updated flatpak packages fix a security vulnerability

A potential attack where a flatpak application could use custom formatted .desktop files to gain access to files on the host system CVE-2021-21381...