E-Ink News Daily

Back to list

Arbitrary code execution breaking sandboxes in KDE Plasma

A critical vulnerability in KDE Plasma allows arbitrary code execution by breaking out of application sandboxes like Flatpak. The exploit leverages the 'Open New Window' feature to spawn unsandboxed binaries on the host system, effectively bypassing security contexts and mount namespaces.

Background

KDE Plasma is a popular desktop environment for Linux, often used with sandboxed applications via Flatpak to enhance security. This vulnerability highlights significant flaws in how the desktop environment handles inter-process communication and window management for sandboxed apps.

Source
Lobsters
Published
Jul 3, 2026 at 10:39 AM
Score
9.0 / 10