Ubuntu Security Notice 4721-1 - Simon McVittieg discovered that flatpak-portal service allowed sandboxed applications to execute arbitrary code on the host system. A malicious user could create a Flatpak application that set environment variables, trusted by the Flatpak "run" command, and use it to execute arbitrary code outside the sandbox.
1e6437de8d13696893e975c8a53710c37dbc427fe3f6d15e6d18215b3f05ce89