First up with Flatpak 1.16.4 is a fix for CVE-2026-34078, which is a security issue allowing a complete sandbox escape leading to host file access and code execution in the host context. Ouch. The issue is due to Flatpak portal accepting paths in the sandbox-expose options that can be app-controlled symlinks pointing at arbitrary paths. Due to this apps can access all host files and can be used as a primitive for gaining code execution in the host context. Disabling Flatpak Portal is another way to workaround this issue but can cause app problems.

CVE-2026-34079 is also fixed and is for preventing arbitrary file deletion on the host file-system. CVE-2026-34079 stems from caching for ld.so removing outdated cache files without checking that the app controlled path to the outdated cache is in the cache directory.