{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"Critical"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https://www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"flatpak security update",
				"category":"general",
				"title":"Synopsis"
			},
			{
				"text":"An update for flatpak is now available for openEuler-24.03-LTS-SP3",
				"category":"general",
				"title":"Summary"
			},
			{
				"text":"flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information.\n\nSecurity Fix(es):\n\nEvery Flatpak app is able to read and write arbitrary files on the host and execute code in the host context, resulting in a sandbox escape vulnerability. (CVE-2026-34078)\n\nFlatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app-controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on the host. This vulnerability is fixed in 1.16.4. (CVE-2026-34079)",
				"category":"general",
				"title":"Description"
			},
			{
				"text":"An update for flatpak is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
				"category":"general",
				"title":"Topic"
			},
			{
				"text":"Critical",
				"category":"general",
				"title":"Severity"
			},
			{
				"text":"flatpak",
				"category":"general",
				"title":"Affected Component"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"openEuler-SA-2026-2591",
				"category":"self",
				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2591"
			},
			{
				"summary":"CVE-2026-34078",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-34078&packageName=flatpak"
			},
			{
				"summary":"CVE-2026-34079",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-34079&packageName=flatpak"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34078"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34079"
			},
			{
				"summary":"openEuler-SA-2026-2591 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-2591.json"
			}
		],
		"title":"An update for flatpak is now available for openEuler-24.03-LTS-SP3",
		"tracking":{
			"initial_release_date":"2026-06-08T15:01:40+08:00",
			"revision_history":[
				{
					"date":"2026-06-08T15:01:40+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				}
			],
			"generator":{
				"date":"2026-06-08T15:01:40+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2026-06-08T15:01:40+08:00",
			"id":"openEuler-SA-2026-2591",
			"version":"1.0.0",
			"status":"final"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"openEuler-24.03-LTS-SP3",
									"name":"openEuler-24.03-LTS-SP3"
								},
								"name":"openEuler-24.03-LTS-SP3",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"aarch64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"flatpak-1.10.2-12.oe2403sp3.aarch64.rpm",
									"name":"flatpak-1.10.2-12.oe2403sp3.aarch64.rpm"
								},
								"name":"flatpak-1.10.2-12.oe2403sp3.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"flatpak-debuginfo-1.10.2-12.oe2403sp3.aarch64.rpm",
									"name":"flatpak-debuginfo-1.10.2-12.oe2403sp3.aarch64.rpm"
								},
								"name":"flatpak-debuginfo-1.10.2-12.oe2403sp3.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"flatpak-debugsource-1.10.2-12.oe2403sp3.aarch64.rpm",
									"name":"flatpak-debugsource-1.10.2-12.oe2403sp3.aarch64.rpm"
								},
								"name":"flatpak-debugsource-1.10.2-12.oe2403sp3.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"flatpak-devel-1.10.2-12.oe2403sp3.aarch64.rpm",
									"name":"flatpak-devel-1.10.2-12.oe2403sp3.aarch64.rpm"
								},
								"name":"flatpak-devel-1.10.2-12.oe2403sp3.aarch64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"flatpak-1.10.2-12.oe2403sp3.src.rpm",
									"name":"flatpak-1.10.2-12.oe2403sp3.src.rpm"
								},
								"name":"flatpak-1.10.2-12.oe2403sp3.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"x86_64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"flatpak-1.10.2-12.oe2403sp3.x86_64.rpm",
									"name":"flatpak-1.10.2-12.oe2403sp3.x86_64.rpm"
								},
								"name":"flatpak-1.10.2-12.oe2403sp3.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"flatpak-debuginfo-1.10.2-12.oe2403sp3.x86_64.rpm",
									"name":"flatpak-debuginfo-1.10.2-12.oe2403sp3.x86_64.rpm"
								},
								"name":"flatpak-debuginfo-1.10.2-12.oe2403sp3.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"flatpak-debugsource-1.10.2-12.oe2403sp3.x86_64.rpm",
									"name":"flatpak-debugsource-1.10.2-12.oe2403sp3.x86_64.rpm"
								},
								"name":"flatpak-debugsource-1.10.2-12.oe2403sp3.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"flatpak-devel-1.10.2-12.oe2403sp3.x86_64.rpm",
									"name":"flatpak-devel-1.10.2-12.oe2403sp3.x86_64.rpm"
								},
								"name":"flatpak-devel-1.10.2-12.oe2403sp3.x86_64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"noarch",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3"
									},
									"product_id":"flatpak-help-1.10.2-12.oe2403sp3.noarch.rpm",
									"name":"flatpak-help-1.10.2-12.oe2403sp3.noarch.rpm"
								},
								"name":"flatpak-help-1.10.2-12.oe2403sp3.noarch.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"flatpak-1.10.2-12.oe2403sp3.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.aarch64",
					"name":"flatpak-1.10.2-12.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"flatpak-debuginfo-1.10.2-12.oe2403sp3.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:flatpak-debuginfo-1.10.2-12.oe2403sp3.aarch64",
					"name":"flatpak-debuginfo-1.10.2-12.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"flatpak-debugsource-1.10.2-12.oe2403sp3.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:flatpak-debugsource-1.10.2-12.oe2403sp3.aarch64",
					"name":"flatpak-debugsource-1.10.2-12.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"flatpak-devel-1.10.2-12.oe2403sp3.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:flatpak-devel-1.10.2-12.oe2403sp3.aarch64",
					"name":"flatpak-devel-1.10.2-12.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"flatpak-1.10.2-12.oe2403sp3.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.src",
					"name":"flatpak-1.10.2-12.oe2403sp3.src as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"flatpak-1.10.2-12.oe2403sp3.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.x86_64",
					"name":"flatpak-1.10.2-12.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"flatpak-debuginfo-1.10.2-12.oe2403sp3.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:flatpak-debuginfo-1.10.2-12.oe2403sp3.x86_64",
					"name":"flatpak-debuginfo-1.10.2-12.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"flatpak-debugsource-1.10.2-12.oe2403sp3.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:flatpak-debugsource-1.10.2-12.oe2403sp3.x86_64",
					"name":"flatpak-debugsource-1.10.2-12.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"flatpak-devel-1.10.2-12.oe2403sp3.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:flatpak-devel-1.10.2-12.oe2403sp3.x86_64",
					"name":"flatpak-devel-1.10.2-12.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP3",
				"product_reference":"flatpak-help-1.10.2-12.oe2403sp3.noarch.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP3:flatpak-help-1.10.2-12.oe2403sp3.noarch",
					"name":"flatpak-help-1.10.2-12.oe2403sp3.noarch as a component of openEuler-24.03-LTS-SP3"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2026-34078",
			"notes":[
				{
					"text":"Every Flatpak app is able to read and write arbitrary files on the host and execute code in the host context, resulting in a sandbox escape vulnerability.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.aarch64",
					"openEuler-24.03-LTS-SP3:flatpak-debuginfo-1.10.2-12.oe2403sp3.aarch64",
					"openEuler-24.03-LTS-SP3:flatpak-debugsource-1.10.2-12.oe2403sp3.aarch64",
					"openEuler-24.03-LTS-SP3:flatpak-devel-1.10.2-12.oe2403sp3.aarch64",
					"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.src",
					"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.x86_64",
					"openEuler-24.03-LTS-SP3:flatpak-debuginfo-1.10.2-12.oe2403sp3.x86_64",
					"openEuler-24.03-LTS-SP3:flatpak-debugsource-1.10.2-12.oe2403sp3.x86_64",
					"openEuler-24.03-LTS-SP3:flatpak-devel-1.10.2-12.oe2403sp3.x86_64",
					"openEuler-24.03-LTS-SP3:flatpak-help-1.10.2-12.oe2403sp3.noarch"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.aarch64",
						"openEuler-24.03-LTS-SP3:flatpak-debuginfo-1.10.2-12.oe2403sp3.aarch64",
						"openEuler-24.03-LTS-SP3:flatpak-debugsource-1.10.2-12.oe2403sp3.aarch64",
						"openEuler-24.03-LTS-SP3:flatpak-devel-1.10.2-12.oe2403sp3.aarch64",
						"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.src",
						"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.x86_64",
						"openEuler-24.03-LTS-SP3:flatpak-debuginfo-1.10.2-12.oe2403sp3.x86_64",
						"openEuler-24.03-LTS-SP3:flatpak-debugsource-1.10.2-12.oe2403sp3.x86_64",
						"openEuler-24.03-LTS-SP3:flatpak-devel-1.10.2-12.oe2403sp3.x86_64",
						"openEuler-24.03-LTS-SP3:flatpak-help-1.10.2-12.oe2403sp3.noarch"
					],
					"details":"flatpak security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2591"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"CRITICAL",
						"baseScore":9.3,
						"vectorString":"CVSS:3.1/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
						"version":"3.1"
					},
					"products":[
						"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.aarch64",
						"openEuler-24.03-LTS-SP3:flatpak-debuginfo-1.10.2-12.oe2403sp3.aarch64",
						"openEuler-24.03-LTS-SP3:flatpak-debugsource-1.10.2-12.oe2403sp3.aarch64",
						"openEuler-24.03-LTS-SP3:flatpak-devel-1.10.2-12.oe2403sp3.aarch64",
						"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.src",
						"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.x86_64",
						"openEuler-24.03-LTS-SP3:flatpak-debuginfo-1.10.2-12.oe2403sp3.x86_64",
						"openEuler-24.03-LTS-SP3:flatpak-debugsource-1.10.2-12.oe2403sp3.x86_64",
						"openEuler-24.03-LTS-SP3:flatpak-devel-1.10.2-12.oe2403sp3.x86_64",
						"openEuler-24.03-LTS-SP3:flatpak-help-1.10.2-12.oe2403sp3.noarch"
					]
				}
			],
			"threats":[
				{
					"details":"Critical",
					"category":"impact"
				}
			],
			"title":"CVE-2026-34078"
		},
		{
			"cve":"CVE-2026-34079",
			"notes":[
				{
					"text":"Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app-controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on the host. This vulnerability is fixed in 1.16.4.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.aarch64",
					"openEuler-24.03-LTS-SP3:flatpak-debuginfo-1.10.2-12.oe2403sp3.aarch64",
					"openEuler-24.03-LTS-SP3:flatpak-debugsource-1.10.2-12.oe2403sp3.aarch64",
					"openEuler-24.03-LTS-SP3:flatpak-devel-1.10.2-12.oe2403sp3.aarch64",
					"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.src",
					"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.x86_64",
					"openEuler-24.03-LTS-SP3:flatpak-debuginfo-1.10.2-12.oe2403sp3.x86_64",
					"openEuler-24.03-LTS-SP3:flatpak-debugsource-1.10.2-12.oe2403sp3.x86_64",
					"openEuler-24.03-LTS-SP3:flatpak-devel-1.10.2-12.oe2403sp3.x86_64",
					"openEuler-24.03-LTS-SP3:flatpak-help-1.10.2-12.oe2403sp3.noarch"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.aarch64",
						"openEuler-24.03-LTS-SP3:flatpak-debuginfo-1.10.2-12.oe2403sp3.aarch64",
						"openEuler-24.03-LTS-SP3:flatpak-debugsource-1.10.2-12.oe2403sp3.aarch64",
						"openEuler-24.03-LTS-SP3:flatpak-devel-1.10.2-12.oe2403sp3.aarch64",
						"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.src",
						"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.x86_64",
						"openEuler-24.03-LTS-SP3:flatpak-debuginfo-1.10.2-12.oe2403sp3.x86_64",
						"openEuler-24.03-LTS-SP3:flatpak-debugsource-1.10.2-12.oe2403sp3.x86_64",
						"openEuler-24.03-LTS-SP3:flatpak-devel-1.10.2-12.oe2403sp3.x86_64",
						"openEuler-24.03-LTS-SP3:flatpak-help-1.10.2-12.oe2403sp3.noarch"
					],
					"details":"flatpak security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2591"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"HIGH",
						"baseScore":7.5,
						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
						"version":"3.1"
					},
					"products":[
						"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.aarch64",
						"openEuler-24.03-LTS-SP3:flatpak-debuginfo-1.10.2-12.oe2403sp3.aarch64",
						"openEuler-24.03-LTS-SP3:flatpak-debugsource-1.10.2-12.oe2403sp3.aarch64",
						"openEuler-24.03-LTS-SP3:flatpak-devel-1.10.2-12.oe2403sp3.aarch64",
						"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.src",
						"openEuler-24.03-LTS-SP3:flatpak-1.10.2-12.oe2403sp3.x86_64",
						"openEuler-24.03-LTS-SP3:flatpak-debuginfo-1.10.2-12.oe2403sp3.x86_64",
						"openEuler-24.03-LTS-SP3:flatpak-debugsource-1.10.2-12.oe2403sp3.x86_64",
						"openEuler-24.03-LTS-SP3:flatpak-devel-1.10.2-12.oe2403sp3.x86_64",
						"openEuler-24.03-LTS-SP3:flatpak-help-1.10.2-12.oe2403sp3.noarch"
					]
				}
			],
			"threats":[
				{
					"details":"High",
					"category":"impact"
				}
			],
			"title":"CVE-2026-34079"
		}
	]
}