
URL: https://www.phoronix.com/news/Flatpak-1.16.4-Released

Flatpak 1.16.4 Brings Important Security Fixes For Sandbox Escape & Deleting Host Files

Written by Michael Larabel in Free Software on 7 April 2026 at 05:47 PM EDT.
The Flatpak app sandboxing and distribution system has a new release out today with important security fixes.

First up in Flatpak 1.16.4 is a fix for CVE-2026-34078, a complete sandbox escape leading to host file access and code execution in the host context. Ouch. The issue is that the Flatpak portal accepted paths in the sandbox-expose options without accounting for app-controlled symlinks: an app could plant a symlink pointing at an arbitrary host path and have that path exposed. That gives an app access to all host files, which in turn can be used as a primitive for gaining code execution in the host context. Disabling the Flatpak portal is another way to work around the issue, but doing so can break apps that rely on it.

Also fixed is CVE-2026-34079, an arbitrary file deletion on the host file system. It stems from Flatpak's ld.so cache handling removing outdated cache files without checking that the app-controlled path to the outdated cache actually lies inside the cache directory.
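Both CVEs above come down to the same mistake: a path chosen by the sandboxed app is acted on without confirming that what it resolves to lies inside the directory the app is allowed to touch. The following Python is an added example, not Flatpak's own code (which is C) and not a reproduction of the actual fixes. It contrasts a lexical containment check that a planted symlink defeats with one that resolves symlinks first, and shows a cache-cleanup routine that deletes only by bare name relative to a directory descriptor, so neither ".." nor a symlinked directory component can steer the unlink outside the cache directory. The directory layout, file names and helper names are all constructed for the demo.

```python
import os
import tempfile


def naive_inside(base, candidate):
    """Lexical containment check: collapses '..' but never follows symlinks.
    A symlink planted by the app inside `base` passes this check while
    pointing anywhere on the host."""
    base = os.path.normpath(base)
    joined = os.path.normpath(os.path.join(base, candidate))
    return joined == base or joined.startswith(base + os.sep)


def resolves_inside(base, candidate):
    """Containment check after resolving every symlink and '..' component.
    Both sides are canonicalised so a symlinked base (e.g. /tmp on macOS)
    still compares equal to itself."""
    real_base = os.path.realpath(base)
    real_cand = os.path.realpath(os.path.join(base, candidate))
    try:
        return os.path.commonpath([real_base, real_cand]) == real_base
    except ValueError:  # paths on different drives (Windows)
        return False


def remove_stale_cache_entry(cache_dir, name):
    """Delete an outdated cache file without trusting a caller-supplied path.
    Only a bare file name is accepted, and the unlink is done relative to a
    directory descriptor, so the deletion cannot leave cache_dir. Unlinking a
    symlink entry removes the link itself, never its target.
    Returns True if an entry was removed."""
    if not name or "/" in name or os.sep in name or name in (".", ".."):
        return False
    dfd = os.open(cache_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        os.unlink(name, dir_fd=dfd)
        return True
    except FileNotFoundError:
        return False
    finally:
        os.close(dfd)


def build_demo():
    """Constructed layout (hypothetical, not Flatpak's): an app-controlled
    directory holding a regular file and a symlink escaping to a host file."""
    root = tempfile.mkdtemp(prefix="sandbox-demo-")
    base = os.path.join(root, "app")
    outside = os.path.join(root, "host_secret")
    os.mkdir(base)
    with open(outside, "w") as f:
        f.write("host data\n")
    with open(os.path.join(base, "legit"), "w") as f:
        f.write("ok\n")
    os.symlink(outside, os.path.join(base, "escape"))
    return base, outside


def run_demo():
    """Return (naive, resolved) verdicts per candidate plus deletion outcomes."""
    base, outside = build_demo()
    return {
        "legit": (naive_inside(base, "legit"), resolves_inside(base, "legit")),
        # the planted symlink fools the lexical check but not the resolving one
        "escape": (naive_inside(base, "escape"), resolves_inside(base, "escape")),
        "dotdot": (naive_inside(base, "../host_secret"),
                   resolves_inside(base, "../host_secret")),
        # traversal is refused outright and the host file survives
        "delete_traversal": remove_stale_cache_entry(base, "../host_secret"),
        "host_file_survives": os.path.exists(outside),
        # the stale symlink entry is removable, but only the link goes away
        "delete_symlink_entry": remove_stale_cache_entry(base, "escape"),
        "host_file_still_there": os.path.exists(outside),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Note the difference in robustness between the two hardened pieces: `resolves_inside` is a check-then-act, so an app that controls the directory can still swap a symlink in between the check and the use; the descriptor-based cleanup has no such window because it never interprets a path at all. For exposing files rather than deleting them, the equivalent approach is to open relative to a descriptor for the base directory with `O_NOFOLLOW` and hand out the resulting descriptor, which is not shown here.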

GHSA-2fxp-43j9-pwvc is another security issue fixed in this release: it allowed arbitrary read access to files in the system-helper context, the privileged helper Flatpak uses for system-wide installations. Lastly, there is a fix to avoid orphaning cross-user pull operations.

Downloads and more details on the Flatpak 1.16.4 release are available via GitHub.

Update: Related to Flatpak... XDG-Desktop-Portal 1.20.4 Released To Protect Against Apps Trashing Arbitrary Host Files

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.