Severity by source
AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
4DescriptionCVE.org
Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on g_file_trash.
AnalysisAI
Flatpak xdg-desktop-portal versions before 1.20.4 and 1.21.x before 1.21.1 allow any sandboxed Flatpak application to delete arbitrary files on the host system through a symlink race condition in the g_file_trash function. The vulnerability exploits insufficient validation of file paths during trash operations, enabling local privilege escalation from a confined container context to affect host files. CVSS severity is low (2.9) due to high attack complexity and local-only vector, but the impact affects all Flatpak users whose host system contains a vulnerable xdg-desktop-portal installation.
Technical ContextAI
Flatpak xdg-desktop-portal is the system service responsible for portal requests from sandboxed Flatpak applications, acting as a trusted intermediary between confined apps and the host desktop environment. The vulnerability exists in the g_file_trash function, which handles file deletion operations initiated by Flatpak apps. The root cause is a classic time-of-check-time-of-use (TOCTOU) race condition (CWE-61) where the portal does not properly validate symlink targets before executing trash operations. An attacker within a Flatpak sandbox can create a symlink pointing to an arbitrary host file, then trigger a trash operation; if the symlink target is swapped between validation and execution, the portal may delete an unintended file with the privileges of the portal process. The CPE cpe:2.3:a:flatpak:xdg-desktop-portal:*:*:*:*:*:*:*:* indicates the vulnerability affects the xdg-desktop-portal component distributed by the Flatpak project across all versions prior to patching.
RemediationAI
Vendor-released patch: upgrade Flatpak xdg-desktop-portal to version 1.20.4 or later (for the 1.20 series) or version 1.21.1 or later (for the 1.21 series). On most Linux distributions, this is available through the system package manager (e.g., apt update && apt upgrade flatpak on Debian/Ubuntu, or dnf upgrade xdg-desktop-portal on Fedora). Verify the installed version with flatpak --version or by checking the xdg-desktop-portal version in your distribution's package manager. Interim mitigation prior to patching involves restricting which Flatpak applications are permitted to run (via Flatseal or flatpak override commands to disable portal access for untrusted apps), though this is not a complete security fix. Consult the security advisory at https://github.com/flatpak/xdg-desktop-portal/security/advisories/GHSA-rqr9-jwwf-wxgj and the openwall-oss-security discussion at https://www.openwall.com/lists/oss-security/2026/04/10/14 for distribution-specific guidance.
Same weakness CWE-61 – UNIX Symbolic Link (Symlink) Following
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21625
GHSA-v5fw-rcv7-v6f3