NIXPKGS-2026-0954
GitHub issue
published on by @LeSuisse
Activity log
- Created suggestion
- @LeSuisse ignored 7 packages:
  - mpc-qt
  - flatpak-builder
  - flatpak-xdg-utils
  - libsForQt5.flatpak-kcm
  - kdePackages.flatpak-kcm
  - plasma5Packages.flatpak-kcm
  - haskellPackages.cabal-flatpak
- @LeSuisse deleted maintainer @getchoo
- @LeSuisse accepted
- @LeSuisse published on GitHub
Flatpak has a complete sandbox escape leading to host file access and code execution in the host context
Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options that can be app-controlled symlinks pointing at arbitrary host paths, and `flatpak run` then mounts the resolved host path into the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.
References
- https://github.com/flatpak/flatpak/security/advisories/GHSA-cc2q-qc34-jprg (x_refsource_CONFIRM)
Affected products
flatpak
- < 1.16.4
Matching in nixpkgs
Ignored packages (7)
pkgs.mpc-qt
Media Player Classic Qute Theater
- nixos-25.11: 24.12.1-flatpak
- nixos-25.11-small: 24.12.1-flatpak
- nixpkgs-25.11-darwin: 24.12.1-flatpak
pkgs.flatpak-builder
Tool to build flatpaks from source
pkgs.flatpak-xdg-utils
Commandline utilities for use inside Flatpak sandboxes
pkgs.libsForQt5.flatpak-kcm
None
pkgs.kdePackages.flatpak-kcm
Flatpak Permissions Management KCM
pkgs.plasma5Packages.flatpak-kcm
None
Package maintainers
Ignored maintainers (1)
- @getchoo Seth Flynn <getchoo@tuta.io>