Home

Description

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via xdg-desktop-portal-gtk can write a malicious .jar file to the host file system, set its executable bit, and trigger the handler to execute arbitrary code outside of the sandbox environment.

PUBLISHED Reserved 2026-05-28 | Published 2026-07-08 | Updated 2026-07-14 | Assigner canonical




HIGH: 8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-20 Improper input validation

Product status

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Any version before 3.70+nmu1ubuntu1.22.04.1
affected

Any version before 3.70+nmu1ubuntu1.24.04.1
affected

Any version before 3.74ubuntu1.1
affected

Any version before 3.75ubuntu1.1
affected

Credits

Aaron Rainbolt finder

References

bugs.launchpad.net/ubuntu/+source/openjdk-25/+bug/2153100 issue-tracking

cve.org (CVE-2026-10037)

nvd.nist.gov (CVE-2026-10037)

Download JSON