Security Updates: Flatpak and xdg-dbus-proxy
Posted: Wed Apr 22, 2026 9:11 am
Today, new Debian security advisories were released addressing vulnerabilities in two widely used components: Flatpak and xdg-dbus-proxy.
Flatpak (DSA-6223-1)
A set of vulnerabilities (CVE-2026-34078, CVE-2026-34079) has been identified in Flatpak, the application sandboxing and deployment system used on many Linux desktops.
The issues could potentially allow a malicious Flatpak application to:
Delete or manipulate data on the host system
Escape the sandbox environment
Execute code in the host context
For Debian 12 (bookworm), this has been fixed in:
flatpak 1.14.10-1~deb12u2
Users are strongly advised to upgrade immediately if Flatpak is installed.
More details:
https://security-tracker.debian.org/tracker/flatpak
xdg-dbus-proxy (DSA-6224-1)
A vulnerability (CVE-2026-34080) was discovered in xdg-dbus-proxy, which is used to filter and control D-Bus communication between applications.
The flaw is related to incorrect parsing of policy rules and may allow:
Bypassing eavesdrop…
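An added example, not part of the original post and not Debian's own tooling: a fleet check against the fixed Flatpak version for bookworm quoted above. It implements dpkg's version ordering in Python, so the `~deb12u2` suffix and multi-digit components compare correctly where a plain string comparison would not. The host names and inventory versions are constructed, and every host is assumed to run Debian 12.

```python
FIXED = "1.14.10-1~deb12u2"  # fixed bookworm version, taken from the post

def _order(s, i):
    # dpkg character ranking: end of string and digits rank 0, '~' ranks
    # below that, letters rank below all other punctuation.
    if i >= len(s) or s[i].isdigit():
        return 0
    if s[i] == "~":
        return -1
    return ord(s[i]) if s[i].isalpha() else ord(s[i]) + 256

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        while _order(a, i) or _order(b, j):  # non-digit run, char by char
            if _order(a, i) != _order(b, j):
                return -1 if _order(a, i) < _order(b, j) else 1
            i, j = i + 1, j + 1
        si, sj = i, j
        while i < len(a) and a[i].isdigit():
            i += 1
        while j < len(b) and b[j].isdigit():
            j += 1
        na, nb = int(a[si:i] or 0), int(b[sj:j] or 0)  # digit run, numeric
        if na != nb:
            return -1 if na < nb else 1
    return 0

def split_version(v):
    # [epoch:]upstream[-revision]; the revision starts at the last hyphen.
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare(a, b):
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_upgrade(inventory):
    return [host for host, ver in inventory if compare(ver, FIXED) < 0]

# Constructed inventory: (host, output of dpkg-query -W -f='${Version}' flatpak)
INVENTORY = [("ws-01", "1.14.4-1"), ("ws-02", "1.14.10-1~deb12u1"),
             ("ws-03", "1.14.10-1~deb12u2"), ("ws-04", "1.16.0-1~bpo12+1")]
```

On a single host, `dpkg --compare-versions` performs the same comparison natively.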