CVE-2026-34079 — HIGH (7.5)

Q: How severe is CVE-2026-34079?

CVE-2026-34079 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-34079?

Check the references section above for vendor advisories and patch information. Affected products include: Flatpak Flatpak.

Vulnerability Description

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on the host. This vulnerability is fixed in 1.16.4.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Flatpak	Flatpak	< 1.16.4

Related Weaknesses (CWE)

CWE-22

References

https://github.com/flatpak/flatpak/security/advisories/GHSA-p29x-r292-46ppVendor Advisory

FAQ

What is CVE-2026-34079?

CVE-2026-34079 is a vulnerability with a CVSS score of 7.5 (HIGH). Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the ...

How severe is CVE-2026-34079?

CVE-2026-34079 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-34079?

Check the references section above for vendor advisories and patch information. Affected products include: Flatpak Flatpak.