Browse all 14 CVE security advisories affecting flatpak. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Flatpak serves as a universal Linux application distribution and sandboxing framework, enabling isolated software deployment across distributions. Historically, vulnerabilities have primarily centered on remote code execution through malicious updates and cross-site scripting flaws in embedded web content. Privilege escalation risks have emerged from improper sandbox boundary configurations, particularly in container escape scenarios. While no major public security incidents have been widely documented, the 14 recorded CVEs highlight ongoing concerns around update mechanisms and sandbox integrity. The technology's security model relies heavily on namespaces and seccomp filters, though implementation complexities can introduce exploitable gaps in container isolation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39977 | flatpak-builder has a path traversal leading to arbitrary file read on host when installing licence files — flatpak-builderCWE-22 | 7.5AI | HighAI | 2026-04-09 |
This page lists every published CVE security advisory associated with flatpak. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.