Path Traversal in Flatpak
CVE-2026-34079
Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app-controlled path to the outdated cache is in the cache director…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.002 (38.4th percentile)
Affected products
- Flatpak — versions < 1.16.4
Weakness classification (CWE)
References
- https://github.com/flatpak/flatpak/security/advisories/GHSA-p29x-r292-46pp (x_refsource_CONFIRM)