CVE-2026-5674

Publication date 17 July 2026

Last updated 17 July 2026


Ubuntu priority

Cvss 3 Severity Score

8.8 · High

Score breakdown

Description

A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library, leading to arbitrary code execution outside the sandbox and potential compromise of the user's system.

Status

Package Ubuntu Release Status
pipewire 26.04 LTS resolute
Needs evaluation
24.04 LTS noble
Needs evaluation
22.04 LTS jammy
Needs evaluation
20.04 LTS focal
Needs evaluation

Severity score breakdown

CVSS version: CVSS v3.0

Base score 8.8 · High

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H


Access our resources on patching vulnerabilities