Security News

Cybersecurity news aggregator

HIGH Updates Red Hat Errata

RHSA-2026:21757: Important: flatpak security update

This critical update addresses two vulnerabilities in Flatpak: CVE-2026-34078 (CVSS 10.0) allows arbitrary code execution via crafted symlinks in sandbox-expose options, and CVE-2026-34079 (CVSS 7.5) enables arbitrary file deletion on the host through improper cache file path validation. The vulnerabilities affect Flatpak versions up to and including 1.16.3. A fix is available in Flatpak version 1.16.4.

Red Hat Product Errata
RHSA-2026:21757 - Security Advisory
Issued: 2026-05-28
Updated: 2026-05-28

Synopsis
Important: flatpak security update

Type/Severity
Security Advisory: Important

Topic
An update for flatpak is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
Security Fix(es):
flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options (CVE-2026-34078)
flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation (CVE-2026-34079)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 10 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
Red Hat Enterprise Linux for IBM z Systems 10 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x
Red Hat Enterprise Linux for Power, little endian 10 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le
Red Hat Enterprise Linux for ARM 64 10 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
Red Hat CodeReady Linux Builder for x86_64 10 x86_64
Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x
Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x

Fixes
BZ - 2456276 - CVE-2026-34078 flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options
BZ - 2456284 - CVE-2026-34079 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

CVEs
CVE-2026-34078
CVE-2026-34079

References
https://access.redhat.com/security/updates/classification/#important

Updated Packages
Note: More recent versions of these packages may be available.
SRPM: flatpak-1.16.0-9.el10_2.1.src.rpm
Binary packages at version 1.16.0-9.el10_2.1: flatpak, flatpak-debuginfo, flatpak-debugsource, flatpak-libs, flatpak-libs-debuginfo, flatpak-selinux (noarch), flatpak-session-helper, flatpak-session-helper-debuginfo, flatpak-tests-debuginfo
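An added example, not part of the advisory or of Red Hat's tooling: the summary names upstream Flatpak 1.16.4 as the fixed release, while the advisory ships the fix in flatpak-1.16.0-9.el10_2.1, so a check that looks only at the upstream version misjudges a patched RHEL 10 host. The code compares the VERSION-RELEASE string printed by `rpm -q --qf '%{VERSION}-%{RELEASE}\n' flatpak` against the advisory's build; the function names are hypothetical and it assumes builds without `~` or `^` markers.

```python
import re

# Fixed build named in RHSA-2026:21757 (VERSION-RELEASE of the flatpak package).
FIXED_BUILD = "1.16.0-9.el10_2.1"
# Upstream release that carries the fix, per the summary on this page.
UPSTREAM_FIXED = "1.16.4"


def _segments(s):
    """Split into rpm-style segments: runs of digits or runs of letters."""
    return re.findall(r"[0-9]+|[A-Za-z]+", s)


def rpm_cmp(a, b):
    """Order two version or release strings the way rpm does; returns -1, 0 or 1.
    Assumption: no '~' or '^' markers, which the builds in this advisory lack."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats letters
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # Equal on the shared prefix: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_build(build):
    """'1.16.0-9.el10_2.1' -> ('1.16.0', '9.el10_2.1')."""
    version, _, release = build.partition("-")
    return version, release


def has_errata_fix(installed):
    """True if the installed VERSION-RELEASE is at or above the advisory build."""
    (va, ra), (vb, rb) = split_build(installed), split_build(FIXED_BUILD)
    return (rpm_cmp(va, vb) or rpm_cmp(ra, rb)) >= 0


def naive_upstream_check(installed):
    """What a check sees when it compares only the upstream version number."""
    return rpm_cmp(split_build(installed)[0], UPSTREAM_FIXED) >= 0


# Constructed samples: has_errata_fix("1.16.0-9.el10_2.1") is True while
# naive_upstream_check("1.16.0-9.el10_2.1") is False; "1.16.0-8.el10" fails both.
```
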
