8.8
CVE-2026-10037
- EPSS 0.12%
- Veröffentlicht 08.07.2026 21:18:56
- Zuletzt bearbeitet 09.07.2026 14:16:26
- Quelle security@ubuntu.com
- CVE-Watchlists
- Unerledigt
Sandbox Escape in Ubuntu OpenJDK Packages via xdg-desktop-portal
A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via xdg-desktop-portal-gtk can write a malicious .jar file to the host file system, set its executable bit, and trigger the handler to execute arbitrary code outside of the sandbox environment.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCanonical
≫
Produkt
Ubuntu
Default Statusunaffected
HerstellerCanonical
≫
Produkt
Ubuntu
Default Statusunaffected
HerstellerCanonical
≫
Produkt
Ubuntu
Default Statusunaffected
HerstellerCanonical
≫
Produkt
Ubuntu
Default Statusunaffected
HerstellerCanonical
≫
Produkt
Ubuntu
Default Statusunaffected
HerstellerCanonical
≫
Produkt
Ubuntu
Default Statusunaffected
HerstellerCanonical
≫
Produkt
Ubuntu
Default Statusunaffected
HerstellerCanonical
≫
Produkt
Ubuntu
Default Statusunaffected
HerstellerCanonical
≫
Produkt
Ubuntu
Default Statusunaffected
HerstellerCanonical
≫
Produkt
Ubuntu
Default Statusunaffected
Version
0
Version <
3.70+nmu1ubuntu1.22.04.1
Status
affected
Version
0
Version <
3.70+nmu1ubuntu1.24.04.1
Status
affected
Version
0
Version <
3.74ubuntu1.1
Status
affected
Version
0
Version <
3.75ubuntu1.1
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.022 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@ubuntu.com | 8.8 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://bugs.launchpad.net/ubuntu/+source/openjdk-25/+bug/2153100