RockyLinux 10 : flatpak (RLSA-2026:21757)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21757 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on...

MiracleLinux 8 : flatpak-1.12.9-4.el8_10 (AXSA:2026-753:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-753:02 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on...

AlmaLinux 10 : flatpak (ALSA-2026:21757)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21757 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on ho...

RHEL 8 : flatpak (RHSA-2026:21756)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21756 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...

RockyLinux 8 : flatpak (RLSA-2026:21756)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21756 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on ho...

Astra Linux - уязвимость в flatpak

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak applications that had direct access to AFUNIX sockets—such as those used by Wayland, Pipewire, or pipewire-pulse—could trick portals and other host-...

Amazon Linux 2023 : xdg-desktop-portal, xdg-desktop-portal-devel (ALAS2023-2026-1669)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1669 advisory. Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on gfiletrash. CVE-2026-40354 Tenable has extracted t...

Unity Linux 20.1060e / 20.1070e Security Update: flatpak (UTSA-2026-017590)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017590 advisory. Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the applyextra script sandbox, which allows attackers to modify a host-side executable file...

Unity Linux 20.1060e / 20.1070e Security Update: flatpak (UTSA-2026-017552)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017552 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a...

Fedora 44 : flatpak (2026-24eedfaa6c)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-24eedfaa6c advisory. Update to 1.17.6 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

[SECURITY] [DSA 6207-1] flatpak security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6207-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 12, 2026 https://www.debian.org/security/faq -...

CVE-2026-40354

Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on gfiletrash...

SUSE CVE-2026-34078

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access ...

DEBIAN-CVE-2026-34079

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on t...

EUVD-2026-19970

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access ...

Linux Distros Unpatched Vulnerability : CVE-2026-34079

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly...

MiracleLinux 7 : flatpak-1.0.9-13.0.1.el7.AXS7 (AXSA:2024-8901:07)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8901:07 advisory. CVE-2024-42472: access to files outside sandbox for apps using persistent directories CVEs: CVE-2024-42472 Flatpak is a Linux application sandboxing and...

MiracleLinux 7 : flatpak-1.0.9-11.el7 (AXSA:2021-1620:05)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1620:05 advisory. flatpak: file forwarding feature can be used to gain unprivileged access to files CVE-2021-21381 Tenable has extracted the preceding description block direct...

MiracleLinux 8 : flatpak-1.10.8-1.el8 (AXSA:2023-7197:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7197:04 advisory. flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console CVE-2023-28100 flatpak: Metadata with ANSI control codes can...

MiracleLinux 9 : flatpak-1.12.8-1.el9 (AXSA:2023-6670:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6670:03 advisory. flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console CVE-2023-28100 flatpak: Metadata with ANSI control codes can...