Fedora 42 Flatpak 1.16.6 Critical Security Fixes for Code Execution

Fedora
April 28, 2026
Flatpak 1.16.6 addresses critical security issues including arbitrary code execution and file deletion risks.

Summary

flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information.

Update Information:

Update to 1.16.6. Fixes for CVE-2026-34078, CVE-2026-34079, GHSA-2fxp-43j9-pwvc and GHSA-89xm-3m96-w3jg.

Change Log

* Fri Apr 10 2026 Michael Catanzaro - 1.16.6-1
- Update to 1.16.6
* Wed Apr 8 2026 David King - 1.16.4-1
- Update to 1.16.4

References


[ 1 ] Bug #2456383 - CVE-2026-34078 flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2456383

[ 2 ] Bug #2456394 - CVE-2026-34079 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2456394

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-2a3e305ac4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important

Name: flatpak
Product: Fedora 42
Version: 1.16.6
Release: 1.fc42
Summary: Application deployment framework for desktop apps
