Vulnerability in Red Hat Enterprise Linux 10
CVE-2026-5674
A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions withi…
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.
Affected products
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_REDHAT, vdb-entry)
- secalert@redhat.com (x_refsource_REDHAT, issue-tracking)
Frequently asked questions
- What is CVE-2026-5674?
- CVE-2026-5674 is a high-severity vulnerability in Red Hat Enterprise Linux 10, classified under Uncontrolled Search Path Element. CVSS score: 8.8/10. Published 2026-07-16.
- How severe is CVE-2026-5674?
- High severity. CVSS v3 base score is 8.8 out of 10.