
RHSA-2026:23420: Important: flatpak security update

This update addresses two vulnerabilities in Flatpak: CVE-2026-34078 (CVSS 10.0 Critical) allows arbitrary code execution via crafted symlinks in sandbox-expose options, and CVE-2026-34079 (CVSS 7.5 High) permits arbitrary file deletion on the host due to improper cache file path validation. Affected versions include Flatpak up to and including 1.16.3 for CVE-2026-34078, and versions prior to 1.16.4 for CVE-2026-34079. The fixed version is Flatpak 1.16.4.

Red Hat Product Errata
RHSA-2026:23420 - Security Advisory
Issued: 2026-06-04
Updated: 2026-06-04

Synopsis
Important: flatpak security update

Type/Severity
Security Advisory: Important

Topic
An update for flatpak is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

Security Fix(es):
flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options (CVE-2026-34078)
flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation (CVE-2026-34079)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes
BZ - 2456276 - CVE-2026-34078 flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options
BZ - 2456284 - CVE-2026-34079 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

CVEs
CVE-2026-34078
CVE-2026-34079

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.
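An added example, not part of the advisory or of Red Hat's tooling: the summary gives the upstream fixed version as 1.16.4, while the RHEL 10.0 EUS packages in this advisory are built as 1.16.0-5.el10_0.2, so a check against the upstream number would flag hosts that already carry this update. The sketch compares installed version-release strings against the advisory build with a simplified rpm-style comparison; the host names and the older builds in the inventory are constructed, and epoch, '~' and '^' handling is omitted.

```python
import re
from itertools import zip_longest

# Build shipped by RHSA-2026:23420 for RHEL 10.0 EUS (from the advisory's package names).
FIXED_BUILD = "1.16.0-5.el10_0.2"
# Upstream fixed version quoted in the summary; not the number to test RHEL hosts against.
UPSTREAM_FIXED = "1.16.4"

def _segments(s):
    # rpm compares maximal runs of digits or letters; separators only delimit them.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpm-style compare: -1, 0 or 1 (assumption: no epoch, '~' or '^')."""
    for x, y in zip_longest(_segments(a), _segments(b)):
        if x is None:
            return -1            # a ran out of segments first, so b is newer
        if y is None:
            return 1
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment outranks alphabetic
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return 0

def build_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_update(installed):
    return build_cmp(installed, FIXED_BUILD) < 0

# Constructed inventory, e.g. collected with: rpm -q --qf '%{VERSION}-%{RELEASE}\n' flatpak
INVENTORY = {
    "ws-01": "1.16.0-5.el10_0.2",   # advisory build
    "ws-02": "1.16.0-5.el10_0",     # constructed older build
    "ws-03": "1.16.0-4.el10",       # constructed older build
}

def triage(inventory):
    return sorted(h for h, build in inventory.items() if needs_update(build))

if __name__ == "__main__":
    print("hosts needing RHSA-2026:23420:", triage(INVENTORY))
    # The advisory build still compares older than the upstream fixed version number.
    print("vs upstream 1.16.4:", rpmvercmp(FIXED_BUILD.split("-")[0], UPSTREAM_FIXED))
```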
