Security Advisory

CVE-2026-40354

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-11 00:29:03

Last updated 2026-04-15 15:14:27

Assigner mitre

State PUBLISHED

Description

Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on g_file_trash.

← Browse all CVEs View on cve.org ↗