Flatpak Xdg-desktop-portal — known CVE vulnerabilities
Every CVE whose affected-product data names Flatpak Xdg-desktop-portal, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (1)
CVE-2026-40354 — CVSS 2.9 (low): Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a…