Description
A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library, leading to arbitrary code execution outside the sandbox and potential compromise of the user's system.
Published: 2026-07-16
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

Vendor Workaround

To mitigate this issue, restrict containerized applications from accessing the PulseAudio socket or writing to host-visible paths. Additionally, configure PipeWire to prevent module loading by setting `pulse.allow-module-loading = false` in the PipeWire PulseAudio configuration. Alternatively, restrict the `dlopen()` paths for `module-ladspa-sink` to trusted system directories like `/usr/lib/ladspa/` and `/usr/lib64/ladspa/`. Applying these changes may require restarting the PipeWire service to take effect, which could impact audio functionality.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Jul 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 16 Jul 2026 14:00:00 +0000

Type Values Removed Values Added
Description A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library, leading to arbitrary code execution outside the sandbox and potential compromise of the user's system.
Title Pipewire: pipewire: sandbox escape and arbitrary code execution via malicious library loading
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-427
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


Subscriptions

Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-07-16T14:03:16.054Z

Reserved: 2026-04-06T09:07:33.494Z

Link: CVE-2026-5674

cve-icon Vulnrichment

Updated: 2026-07-16T14:03:00.836Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses
  • CWE-427

    Uncontrolled Search Path Element