{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T03:13:22.476","vulnerabilities":[{"cve":{"id":"CVE-2026-40354","sourceIdentifier":"cve@mitre.org","published":"2026-04-11T01:16:16.270","lastModified":"2026-04-13T15:01:43.663","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on g_file_trash."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":2.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":1.4}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-61"}]}],"references":[{"url":"https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.20.4","source":"cve@mitre.org"},{"url":"https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.21.1","source":"cve@mitre.org"},{"url":"https://github.com/flatpak/xdg-desktop-portal/security/advisories/GHSA-rqr9-jwwf-wxgj","source":"cve@mitre.org"},{"url":"https://www.openwall.com/lists/oss-security/2026/04/10/14","source":"cve@mitre.org"}]}}]}