{"id":"ALSA-2026:21755","summary":"Important: flatpak security update","details":"Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.  \n\nSecurity Fix(es):  \n\n  * flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options (CVE-2026-34078)\n  * flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation (CVE-2026-34079)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","modified":"2026-05-29T13:30:04.625411148Z","published":"2026-05-28T00:00:00Z","related":["CVE-2026-34078","CVE-2026-34079"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:21755"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-34078"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-34079"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2456276"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2456284"},{"type":"ADVISORY","url":"https://errata.almalinux.org/9/ALSA-2026-21755.html"}],"affected":[{"package":{"name":"flatpak","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/flatpak"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.9-4.el9_8.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:21755.json"}},{"package":{"name":"flatpak-devel","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/flatpak-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.9-4.el9_8.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:21755.json"}},{"package":{"name":"flatpak-libs","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/flatpak-libs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.9-4.el9_8.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:21755.json"}},{"package":{"name":"flatpak-selinux","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/flatpak-selinux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.9-4.el9_8.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:21755.json"}},{"package":{"name":"flatpak-session-helper","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/flatpak-session-helper"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.9-4.el9_8.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:21755.json"}}],"schema_version":"1.7.5"}