xdg-desktop-portal: Cross-Flatpak File Theft via Predictable FileTransfer Key John Cartwright <johnc@grok.org.uk> 12th July 2026 CVE Reference: [ CVE-2026-55889 ] GHSA Reference: [ GHSA-c5cf-79w8-pvfh ] Introduction ------------ xdg-desktop-portal is the standard mechanism by which sandboxed applications on Linux desktops (Flatpak, Snap, and others) interact with the host system. It is present on essentially all modern GNOME, KDE, and other freedesktop-based Linux desktop installations. The FileTransfer interface allows sandboxed applications to exchange files during drag-and-drop and copy-paste operations. Access control is enforced by a secret key: the initiating application calls StartTransfer, receives a key, and passes it out-of-band to the receiving application, which calls RetrieveFiles with that key. The security of this mechanism depends entirely on the key being unguessable. Analysis -------- xdg-desktop-portal uses a single process-global GRand instance (GLib's Mersenne Twister / MT19937 wrapper) for all random number generation, including FileTransfer keys, document IDs, and session tokens. The vulnerable key generation in document-portal/file-transfer.c constructed two 64-bit values from g_random_int() calls: g_snprintf (id, len, "%lx%lx", (gulong) g_random_int () << 32 | g_random_int (), (gulong) g_random_int () << 32 | g_random_int ()); A prior commit (f78c0b4, February 2026) doubled the key size from 64 to 128 bits, but did not address the underlying weakness: the key material remained MT19937-derived and therefore predictable. MT19937 is not a cryptographically secure PRNG. It has an internal state of 624 32-bit words; once 624 consecutive outputs are observed, the state is fully recoverable via standard untemper operations and all subsequent outputs become deterministic. The attack proceeds: 1. The attacker harvests g_random_int outputs from xdp's process- global MT19937. The document-portal Documents.Add method is an effective oracle: each call generates a document ID via g_random_int, and the hex-encoded ID is returned to the caller. A burst of ~625 calls yields sufficient outputs. 2. The attacker applies the standard MT19937 untemper operation to recover the full internal state. 3. The attacker predicts future FileTransfer keys. 4. When a victim application initiates a drag-and-drop or copy-paste operation, the attacker calls RetrieveFiles with the predicted key before the legitimate recipient does. RetrieveFiles does not verify the identity of the caller against the intended recipient; possession of the key is sufficient to claim the transfer. Impact ------ A malicious sandboxed application with no special permissions can silently intercept files being dragged or pasted between other applications, stealing sensitive content without any visible indication to the user. No portal dialogue is shown. Affected Versions ----------------- All versions of xdg-desktop-portal up to and including 1.22.0. Solution -------- Upgrade to xdg-desktop-portal 1.22.1, which replaces the MT19937- based key generation with getrandom(2) (the Linux kernel CSPRNG). Timeline -------- 31st May 2026 - Vulnerability reported to flatpak-security@lists.freedesktop.org as "Cross-Flatpak file theft via predictable FileTransfer key and missing recipient check (document-portal)". 13th June 2026 - Report acknowledged by Sebastian Wick (xdp maintainer). 18th June 2026 - CVE-2026-55889 published. - xdg-desktop-portal 1.22.1 released with fix. Notes ----- Independently discovered by evilrabbit. This advisory will be archived at https://grok.org.uk/advisories/xdp-filetransfer.html