Flatpak 1.16.4 Patches a Silent Security Flaw That Let Sandboxed Apps Peek Outside Their Walls

Flatpak 1.16.4 fixes sandbox escape and three other security flaws

Flatpak, a Linux application sandboxing and distribution framework, released version 1.16.4, patching four security vulnerabilities. The most severe fix addresses a complete sandbox escape that leads to host file access and code execution in the host context, tracked as CVE-2026-34078. File system exposure Two additional fixes address file system exposure on the host. CVE-2026-34079 prevents arbitrary file deletion on the host filesystem. GHSA-2…

Flatpak 1.16.4 Patches a Silent Security Flaw That Let Sandboxed Apps Peek Outside Their Walls

A maintenance release for Flatpak, the Linux application sandboxing and distribution framework, has quietly fixed a security vulnerability that undermined one of the technology’s core promises: isolation. The bug, tracked as CVE-2025-4870, allowed a sandboxed application to obtain directory listings from the host system — information that should have been invisible to confined software. The fix arrived in Flatpak 1.16.4, released on June 2, 2025…

Flatpak 1.16.4 Brings Important Security Fixes For Sandbox Escape & Deleting Host Files

That Flatbox app sandboxing and distribution system is out today with important security updates...

Flatpak 1.16.4 Fixes Critical Sandbox Escape Vulnerability

Flatpak 1.16.4 addresses a critical sandbox escape vulnerability that could allow host file access and code execution, along with three additional security issues.