It was discovered that Flatpak, an application deployment framework for desktop apps, insufficiently restricted the execution of apply_extra scripts which could potentially result in privilege escalation.