Found and patched!
CVE-2024-32462: Sandbox escape via RequestBackground portal and CWE-88 · Advisory · flatpak/flatpak
https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj
CVE-2024-32462: Sandbox escape via RequestBackground portal and CWE-88
Gergo Koteles discovered a sandbox escape when using Flatpak in conjunction with xdg-desktop-portal. ### Impact A malicious or compromised Flatpak app could execute arbitrary code outside its...GitHub