XDG Desktop Portal could be made to delete files.
Software Description:
- xdg-desktop-portal: A portal frontend service for Flatpak and other desktop containment frameworks
Details:
It was discovered that XDG Desktop Portal incorrectly handled
trashing files. A local attacker could possibly use this issue to
delete arbitrary files on the host file system via a symlink attack.
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 xdg-desktop-portal 1.20.3+ds-1ubuntu1.1 xdg-desktop-portal-dev 1.20.3+ds-1ubuntu1.1 Ubuntu 24.04 LTS xdg-desktop-portal 1.18.4-1ubuntu2.24.04.2 xdg-desktop-portal-dev 1.18.4-1ubuntu2.24.04.2 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-8287-1
CVE-2026-40354
Get the latest Linux and open source security news straight to your inbox.