Nixpkgs security tracker
Untriaged
Flatpak has a complete sandbox escape leading to host file access and code execution in the host context
Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.
References
-
https://github.com/flatpak/flatpak/security/advisories/GHSA-cc2q-qc34-jprg x_refsource_CONFIRM
Affected products
flatpak
- ==< 1.16.4
Matching in nixpkgs
pkgs.mpc-qt
Media Player Classic Qute Theater
-
nixos-25.11 24.12.1-flatpak
- nixos-25.11-small 24.12.1-flatpak
- nixpkgs-25.11-darwin 24.12.1-flatpak
pkgs.flatpak
Linux application sandboxing and distribution framework
pkgs.flatpak-builder
Tool to build flatpaks from source
pkgs.flatpak-xdg-utils
Commandline utilities for use inside Flatpak sandboxes
pkgs.libsForQt5.flatpak-kcm
None
pkgs.kdePackages.flatpak-kcm
Flatpak Permissions Management KCM
pkgs.plasma5Packages.flatpak-kcm
None
Package maintainers
-
@getchoo Seth Flynn <getchoo@tuta.io>
-
@arthsmn Arthur Cerqueira
-
@michaelgrahamevans Michael Evans <michaelgrahamevans@gmail.com>
-
@thielema Henning Thielemann <nix@henning-thielemann.de>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@K900 Ilya K. <me@0upti.me>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>
-
@romildo José Romildo Malaquias <malaquias@gmail.com>