Home / mailings [USN-8288-1] Bubblewrap vulnerability
Posted on 21 May 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8288-1
May 20, 2026
bubblewrap vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
- Ubuntu 25.10
Summary:
Bubblewrap could be made to bypass sandbox restrictions.
Software Description:
- bubblewrap: Low-level unprivileged sandboxing tool used by Flatpak and similar projects
Details:
It was discovered that Bubblewrap incorrectly handled the sandbox
setup phase when installed in setuid mode. A local attacker could
possibly use this issue to bypass sandbox restrictions.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
bubblewrap 0.11.1-1ubuntu0.1
Ubuntu 25.10
bubblewrap 0.11.0-2ubuntu0.1
In general, a standard system update will make all the necessary
changes.
References:
https://ubuntu.com/security/notices/USN-8288-1
CVE-2026-41163
Package Information:
https://launchpad.net/ubuntu/+source/bubblewrap/0.11.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/bubblewrap/0.11.0-2ubuntu0.1
--===============8148470317566302217==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
