Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

flatpak — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting flatpak. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Flatpak serves as a universal Linux application distribution and sandboxing framework, enabling isolated software deployment across distributions. Historically, vulnerabilities have primarily centered on remote code execution through malicious updates and cross-site scripting flaws in embedded web content. Privilege escalation risks have emerged from improper sandbox boundary configurations, particularly in container escape scenarios. While no major public security incidents have been widely documented, the 14 recorded CVEs highlight ongoing concerns around update mechanisms and sandbox integrity. The technology's security model relies heavily on namespaces and seccomp filters, though implementation complexities can introduce exploitable gaps in container isolation.

Top products by flatpak: flatpak xdg-dbus-proxy flatpak-builder xdg-desktop-portal
CVE IDTitleCVSSSeverityPublished
CVE-2026-40354 XDG Desktop Portal 安全漏洞 — xdg-desktop-portalCWE-61 2.9 Low2026-04-11
CVE-2026-39977 flatpak-builder has a path traversal leading to arbitrary file read on host when installing licence files — flatpak-builderCWE-22 7.5AIHighAI2026-04-09
CVE-2026-34079 Flatpak affected by arbitrary file deletion on the host filesystem — flatpakCWE-22 7.1AIHighAI2026-04-07
CVE-2026-34078 Flatpak has a complete sandbox escape leading to host file access and code execution in the host context — flatpakCWE-61 7.8AIHighAI2026-04-07
CVE-2026-34080 xdg-dbus-proxy has an eavesdrop filter bypass allowing message interception — xdg-dbus-proxyCWE-1289 5.3AIMediumAI2026-04-07
CVE-2024-42472 Flatpak may allow access to files outside sandbox for certain apps — flatpakCWE-74 10.0 Critical2024-08-15
CVE-2024-32462 Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing — flatpakCWE-88 8.4 High2024-04-18
CVE-2023-28101 Flatpak metadata with ANSI control codes can cause misleading terminal output — flatpakCWE-116 5.0 Medium2023-03-16
CVE-2023-28100 TIOCLINUX can send commands outside sandbox if running on a virtual console — flatpakCWE-20 10.0 Critical2023-03-16
CVE-2022-21682 flatpak-builder can access files outside the build directory. — flatpakCWE-22 7.7 High2022-01-13
CVE-2021-43860 Permissions granted to applications can be hidden from the user at install time — flatpakCWE-269 8.2 High2022-01-12
CVE-2021-41133 Sandbox bypass via recent VFS-manipulating syscalls — flatpakCWE-20 8.8 High2021-10-08
CVE-2021-21381 Sandbox escape via special tokens in .desktop file — flatpakCWE-74 7.1 High2021-03-11
CVE-2021-21261 Flatpak sandbox escape via spawn portal — flatpakCWE-74 7.3 High2021-01-14

This page lists every published CVE security advisory associated with flatpak. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.