CVE-2026-5674
Received Received - Intake

Sandbox Escape via PipeWire PulseAudio Compatibility Layer

Vulnerability report for CVE-2026-5674, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: Red Hat, Inc.

Description

A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library, leading to arbitrary code execution outside the sandbox and potential compromise of the user's system.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
pipewire pipewire to 1.0.5 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-5674 is a vulnerability in PipeWire, a multimedia server, that allows sandbox escape. An attacker with minimal permissions in a sandboxed environment (like Flatpak) can load a malicious library through PipeWire's PulseAudio compatibility layer. This leads to arbitrary code execution outside the sandbox, potentially compromising the entire system.

Detection Guidance

Check PipeWire version with 'pipewire --version' to see if it is 1.0.5 or older. Look for suspicious module loading activity in logs using 'journalctl -u pipewire' or 'grep -i ladspa /var/log/syslog'. Inspect directories like /tmp/ or user-writable paths for unexpected .so files.

Impact Analysis

This vulnerability allows attackers to break out of sandboxed applications, gaining full control over your system. Even with limited permissions, an attacker could execute malicious code, steal data, install malware, or perform other harmful actions on your computer.

Compliance Impact

This vulnerability could lead to unauthorized access to sensitive data, violating GDPR and HIPAA requirements for data protection. Organizations using affected PipeWire versions may face compliance failures, legal penalties, and reputational damage due to potential data breaches.

Mitigation Strategies

Disable module loading in PipeWire by setting 'pulse.allow-module-loading = false' in the PipeWire config. Restrict library loading to trusted paths like /usr/lib/ladspa/ by modifying PipeWire's configuration. Remove unnecessary write permissions from directories accessible to sandboxed applications.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5674. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart