PipeWire Sandbox Escape via PulseAudio Compat Layer
CVE-2026-5674 Published on July 16, 2026
Pipewire: pipewire: sandbox escape and arbitrary code execution via malicious library loading
A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library, leading to arbitrary code execution outside the sandbox and potential compromise of the user's system.
Vulnerability Analysis
CVE-2026-5674 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Timeline
Reported to Red Hat.
Made public. 89 days later.
Weakness Type
What is a DLL preloading Vulnerability?
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
CVE-2026-5674 has been classified to as a DLL preloading vulnerability or weakness.
Products Associated with CVE-2026-5674
Want to know whenever a new CVE is published for Red Hat Enterprise Linux (RHEL)? stack.watch will email you.