grok.org.uk:/#
xdg-desktop-portal: Cross-Flatpak File Theft via Predictable
FileTransfer Key
John Cartwright <johnc@grok.org.uk>
12th July 2026

CVE Reference: [ CVE-2026-55889 ]
GHSA Reference: [ GHSA-c5cf-79w8-pvfh ]

Introduction
------------
xdg-desktop-portal is the standard mechanism by which sandboxed
applications on Linux desktops (Flatpak, Snap, and others) interact
with the host system. It is present on essentially all modern GNOME,
KDE, and other freedesktop-based Linux desktop installations.

The FileTransfer interface allows sandboxed applications to exchange
files during drag-and-drop and copy-paste operations. Access control
is enforced by a secret key: the initiating application calls
StartTransfer, receives a key, and passes it out-of-band to the
receiving application, which calls RetrieveFiles with that key. The
security of this mechanism depends entirely on the key being
unguessable.

Analysis
--------
xdg-desktop-portal uses a single process-global GRand instance
(GLib's Mersenne Twister / MT19937 wrapper) for all random number
generation, including FileTransfer keys, document IDs, and session
tokens.

The vulnerable key generation in document-portal/file-transfer.c
constructed two 64-bit values from g_random_int() calls:

    g_snprintf (id, len, "%lx%lx",
                (gulong) g_random_int () << 32 | g_random_int (),
                (gulong) g_random_int () << 32 | g_random_int ());

A prior commit (f78c0b4, February 2026) doubled the key size from
64 to 128 bits, but did not address the underlying weakness: the key
material remained MT19937-derived and therefore predictable.

MT19937 is not a cryptographically secure PRNG. It has an internal
state of 624 32-bit words; once 624 consecutive outputs are observed,
the state is fully recoverable via standard untemper operations and
all subsequent outputs become deterministic. The attack proceeds:

1. The attacker harvests g_random_int outputs from xdp's process-
   global MT19937. The document-portal Documents.Add method is an
   effective oracle: each call generates a document ID via
   g_random_int, and the hex-encoded ID is returned to the caller.
   A burst of ~625 calls yields sufficient outputs.

2. The attacker applies the standard MT19937 untemper operation to
   recover the full internal state.

3. The attacker predicts future FileTransfer keys.

4. When a victim application initiates a drag-and-drop or copy-paste
   operation, the attacker calls RetrieveFiles with the predicted
   key before the legitimate recipient does.

RetrieveFiles does not verify the identity of the caller against the
intended recipient; possession of the key is sufficient to claim the
transfer.

Impact
------
A malicious sandboxed application with no special permissions can
silently intercept files being dragged or pasted between other
applications, stealing sensitive content without any visible
indication to the user. No portal dialogue is shown.

Affected Versions
-----------------
All versions of xdg-desktop-portal up to and including 1.22.0.

Solution
--------
Upgrade to xdg-desktop-portal 1.22.1, which replaces the MT19937-
based key generation with getrandom(2) (the Linux kernel CSPRNG).

Timeline
--------
31st May 2026
- Vulnerability reported to flatpak-security@lists.freedesktop.org
  as "Cross-Flatpak file theft via predictable FileTransfer key
  and missing recipient check (document-portal)".

13th June 2026
- Report acknowledged by Sebastian Wick (xdp maintainer).

18th June 2026
- CVE-2026-55889 published.
- xdg-desktop-portal 1.22.1 released with fix.

Notes
-----
Independently discovered by evilrabbit.

This advisory will be archived at
https://grok.org.uk/advisories/xdp-filetransfer.html