USN-4721-1: Flatpak vulnerability
Simon McVittieg discovered that flatpak-portal service allowed sandboxed
applications to execute arbitrary code on the host system (a sandbox
escape). A malicious user could create a Flatpak application that set
environment variables, trusted by the Flatpak “run” command, and use it
to execute arbitrary code outside the sandbox.
Source: USN-4721-1: Flatpak vulnerability
