CVE-2026-40354 | Flatpak xdg-desktop-portal up to 1.20.3/1.21.0 g_file_trash symlink (GHSA-rqr9-jwwf-wxgj)

Inserito da Angelo Barbosa | Apr 11, 2026 | CVE

A vulnerability, which was classified as critical, was found in Flatpak xdg-desktop-portal up to 1.20.3/1.21.0. Affected is the function g_file_trash. Such manipulation leads to symlink following.

This vulnerability is referenced as CVE-2026-40354. The attack can only be performed from a local environment. No exploit is available.

You should upgrade the affected component.

CVE-2026-40354 | Flatpak xdg-desktop-portal up to 1.20.3/1.21.0 g_file_trash symlink (GHSA-rqr9-jwwf-wxgj)

Post correlati

CVE-2024-25812 | MyNET up to 26.05 src cross site scripting

CVE-2025-62965 | wpseek Admin Management Xtended Plugin up to 2.5.1 on WordPress authorization

CVE-2025-25776 | Codeastro Bus Ticket Booking System 1.0 User Registration Full Name/Address cross site scripting

CVE-2025-0325 | Axis Communications AB AXIS OS up to 8.40.73/9.80.99/10.12.277/11.11.141/12.4.27 Guard Tour VAPIX API improper validation of specified type of input