CVE-2026-5674

CVE-2026-5674CVE-2026-5674

Description

A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library, leading to arbitrary code execution outside the sandbox and potential compromise of the user's system.

Scoring

CVSS 8.8 ()
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Last modified2026-07-16
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.