High severity7.5NVD Advisory· Published Apr 7, 2026· Updated Apr 17, 2026
CVE-2026-34079
CVE-2026-34079
Description
Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on the host. This vulnerability is fixed in 1.16.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
19- osv-coords17 versionspkg:rpm/almalinux/flatpakpkg:rpm/almalinux/flatpak-develpkg:rpm/almalinux/flatpak-libspkg:rpm/almalinux/flatpak-selinuxpkg:rpm/almalinux/flatpak-session-helperpkg:rpm/opensuse/flatpak&distro=openSUSE%20Tumbleweedpkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7pkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6
< 1.12.9-4.el9_8.1+ 16 more
- (no CPE)range: < 1.12.9-4.el9_8.1
- (no CPE)range: < 1.12.9-4.el9_8.1
- (no CPE)range: < 1.12.9-4.el9_8.1
- (no CPE)range: < 1.12.9-4.el9_8.1
- (no CPE)range: < 1.12.9-4.el9_8.1
- (no CPE)range: < 1.16.6-1.1
- (no CPE)range: < 1.12.8-150400.3.12.1
- (no CPE)range: < 1.12.8-150400.3.12.1
- (no CPE)range: < 1.16.0-150500.3.18.1
- (no CPE)range: < 1.16.0-150500.3.18.1
- (no CPE)range: < 1.16.0-150600.3.9.1
- (no CPE)range: < 1.12.8-150400.3.12.1
- (no CPE)range: < 1.16.0-150500.3.18.1
- (no CPE)range: < 1.16.0-150600.3.9.1
- (no CPE)range: < 1.12.8-150400.3.12.1
- (no CPE)range: < 1.16.0-150500.3.18.1
- (no CPE)range: < 1.16.0-150600.3.9.1
Patches
Vulnerability mechanics
References
1- github.com/flatpak/flatpak/security/advisories/GHSA-p29x-r292-46ppnvdVendor Advisory
News mentions
0No linked articles in our index yet.