Tails 7.6.2 Emergency Update Fixes Critical Flatpak Vulnerability
Severity: High (Score: 72.8)
Sources: Heise.De, Feeds2.Feedburner
Summary
The Tails Project has released an emergency update to Tails version 7.6.2 to address a critical security vulnerability in Flatpak, identified as CVE-2026-34078. This vulnerability, with a CVSS score of 9.3, allows attackers to escape the sandbox environment of the Tor Browser and access arbitrary files on the host system. Users of Tails, a Linux distribution designed for anonymous internet browsing, are at risk if they do not update, as the vulnerability could enable unauthorized access to sensitive information stored in persistent storage. The vulnerability requires an initial exploit of another flaw to gain control over the Tor Browser. The update includes the Flatpak package version 1.16.6, which mitigates this risk. Users are urged to download the updated images for USB, DVD, or VM installations. This follows a recent update to version 7.6.1 that addressed another Tor Browser vulnerability. Key Points: • Tails 7.6.2 patches a critical Flatpak vulnerability (CVE-2026-34078) with a CVSS score of 9.3. • The vulnerability allows attackers to escape the Tor Browser's sandbox and access sensitive files. • Users are strongly advised to update to Tails 7.6.2 to protect against potential data breaches.